web.xml中的服务器端重定向?
[英]Server-side redirection in web.xml?
问题描述
I'm wondering how to use GWT to hide certain files stored on the server. 
我想知道如何使用GWT隐藏存储在服务器上的某些文件。 I have databases with passwords and such in them, and I need users to be redirected from the databases to some other page. 我有密码等数据库,我需要将用户从数据库重定向到其他页面。 How do I do this? 我该怎么做呢?
I've tried changing stuff in web.xml: 我已经尝试在web.xml中更改内容:
<servlet-mapping>
<servlet-name>SomeServer</servlet-name>
<url-pattern>/actual_url</url-pattern>
<url-pattern>/database1.db</url-pattern>
<url-pattern>/database2.db</url-pattern>
</servlet-mapping>
And 和
<servlet-mapping>
<servlet-name>SomeServer</servlet-name>
<url-pattern>/actual_url</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SomeServer</servlet-name>
<url-pattern>/database1.db</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SomeServer</servlet-name>
<url-pattern>/database2.db</url-pattern>
</servlet-mapping>
Both allow access to the servlet at actual_url like they should, but I can still access database1.db and database2.db. 两者都允许在actual_url上访问servlet,但我仍然可以访问database1.db和database2.db。
I know I can hide these files using .htaccess for Apache, but I would prefer a GWT solution. 我知道我可以使用.htaccess为Apache隐藏这些文件,但我更喜欢GWT解决方案。 Does anyone have any idea? 有人有什么主意吗?
Also, if anyone can find a reference for web.xml it would be much appreciated. 此外,如果任何人都可以找到web.xml的引用,将非常感谢。 I have searched a fair bit and have found nothing. 我搜索了一下,却一无所获。
EDIT: After a little more testing, I've found that sometimes the second methods sometimes works, sometimes it does not. 编辑:经过一些测试后,我发现有时第二种方法有时会起作用,有时则不然。 Can't tell why or under what circumstances. 不知道为什么或在什么情况下。
2 个解决方案
解决方案1
2 已采纳 2012-03-26 09:48:32
If you don't want some files to be accessible by clients, the best way is to not deploy them, or deploy them within your war's WEB-INF or META-INF special folders. 如果您不希望客户端访问某些文件,最好的方法是不要部署它们,或将它们部署在war的WEB-INF或META-INF特殊文件夹中。
If you have to deploy them outside the WEB-INF , then you can restrict access to them using security-constraints : 如果必须在WEB-INF之外部署它们,则可以使用security-constraints来限制对它们的访问:
<security-constraint>
<display-name>Denied</display-name>
<web-resource-collection>
<web-resource-name/> <!-- mandatory, but can be empty -->
<url-pattern>/database1.db</url-pattern>
<url-pattern>/database2.db</url-pattern>
<!-- alternatively, you could simply use:
<url-pattern>*.db</url-pattern>
-->
</web-resource-collection>
<auth-constraint>
<!-- an empty but not absent auth-constraint denies everyone -->
</auth-constraint>
</security-constraint>
Note that if you're using AppEngine, static files are served specifically, and your web.xml doesn't apply to them unless you list them in your appengine-web.xml (see note in http://code.google.com/appengine/docs/java/config/webxml.html#Servlets_and_URL_Paths , and see http://code.google.com/appengine/docs/java/config/appconfig.html#Including_and_Excluding_Files ) 请注意,如果您使用的是AppEngine,则会专门提供静态文件,除非您在appengine-web.xml列出,否则您的web.xml不适用于它们(请参阅http://code.google.com中的注释) /appengine/docs/java/config/webxml.html#Servlets_and_URL_Paths ,并参阅http://code.google.com/appengine/docs/java/config/appconfig.html#Including_and_Excluding_Files )
解决方案2
0 2012-03-26 04:18:35
As far as I'm concerned, GWT's server-side code is pure Java EE. 就我而言,GWT的服务器端代码是纯Java EE。 So it seems, you just need to look through the Java EE specifications to find the answer. 所以看来,您只需要查看Java EE规范就可以找到答案。
Another suggestion would be deploying your database access servlets in a separate application. 另一个建议是在单独的应用程序中部署数据库访问servlet。 That would allow you to use another server (real or virtual) and setup its connection properties in such a way, that noone else but you could access it. 这将允许您使用另一个服务器(真实或虚拟)并以这种方式设置其连接属性,除了您可以访问它之外的任何其他人。
Good luck there! 祝你好运!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.