I'm running webapps on Jetty. I have set "dirAllowed" to "false" to disable the directory browsing on the defined contextpath by webAppContext.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false").
But users can still access other files (not located on the contextpath) through a URL (e.g. http://somehost.yahoo.com:8081/abc.xml ), and abc.xml is located under the root directory of the Jetty server.
Is there a way to block/deny direct url access to files located on Jetty? Thanks!
Not without adding some functionality to your webapp, there isn't. A Java Webapp is essentially a standardized directory structure beginning at the context root (myWebApp in the sample below).
myWebApp/
    index.jsp
    styles/
        mywebapp.css
    images/
        myimage.png
    WEB-INF/
        web.xml
        lib/
            MyLib.jar
        classes/
            MyPackage/
                MyServlet.class
Anything above WEB-INF is directly serve-able, anything below WEB-INF isn't. You could dream up some authorization scheme using Servlet Filters ( http://www.oracle.com/technetwork/java/filters-137243.html ) and restrict access to content above WEB-INF. Alternatively, if Authentication/Authorization is what you are after, look into HTTP Authorization and how it can be implemented in Jetty ( http://www.eclipse.org/jetty/documentation/current/configuring-security-authentication.html ). One way or another, you are going to be doing some coding or configuration to restrict access to the content above WEB-INF in a Java webapp.
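One way to build the Servlet Filter approach the answer mentions, as an added example that is not part of the original answer: a deny-by-default filter that lets only allowlisted context-relative paths through to the static content. The class name `StaticAllowlistFilter` and the init-param `allowedPaths` are hypothetical, and the code assumes the `javax.servlet` API (Jakarta-based Jetty releases use `jakarta.servlet` instead).

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: deny-by-default filter in front of the webapp's static content.
public class StaticAllowlistFilter implements Filter {
    private final List<String> allowed = new ArrayList<>();

    @Override
    public void init(FilterConfig cfg) {
        // "allowedPaths" is a hypothetical init-param, e.g. "/index.jsp,/styles/,/images/"
        String raw = cfg.getInitParameter("allowedPaths");
        if (raw == null) return;                     // nothing configured: every request is denied
        for (String entry : raw.split(",")) {
            String e = entry.trim();
            if (e.startsWith("/")) allowed.add(e);   // ignore blank or relative entries
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // Context-relative path as decoded by the container; works for "/" and "/*" mappings.
        String path = http.getServletPath()
                + (http.getPathInfo() == null ? "" : http.getPathInfo());
        if (isAllowed(path)) {
            chain.doFilter(req, res);
        } else {
            // 404 rather than 403, so the response does not confirm that the file exists.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }

    // Entries ending in "/" match a directory subtree; all other entries must match exactly.
    boolean isAllowed(String path) {
        // Defensive: refuse traversal sequences and backslashes even if the container let them through.
        if (path.contains("..") || path.contains("\\")) return false;
        for (String e : allowed) {
            if (e.endsWith("/") ? path.startsWith(e) : path.equals(e)) return true;
        }
        return false;
    }

    @Override
    public void destroy() { }
}
```

Map the filter to `/*` on the context, for example with `webAppContext.addFilter(...)` in embedded Jetty or a `<filter-mapping>` in web.xml, and list in `allowedPaths` only the paths you intend to publish. With that in place a request for `/abc.xml` gets a 404 while `/styles/mywebapp.css` is still served.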