如何拒绝对 Tomcat 目录的 Web 访问 [英] How to deny web access to a Tomcat directory
问题描述
我的 webapp 目录中有一个文件夹.
I've a folder inside my webapp directory.
mywebapp/repositoryFolder
此 Web 应用程序旨在接受带有凭据的 post 请求,并在正确身份验证后在 http 响应中提供文件.我想阻止对这些文件的网络访问.例如.应该不可能从地址直接访问文件:
This webapp is designed to accept a post request with credentials and serve a file in the http response after proper authentication. I would like to prevent web access to these files. E.g. Should not be possible to have direct access to a file from the address:
http://myserver.com/mywebapp/repositoryFolder/filename.ext
推荐答案
将此类文件保存在 WEB-INF 下是一个很好的约定.通常情况下,WEB-INF 下的文件是无法被外界访问的.
It is good convention to keep such files under WEB-INF. Normally, the files under WEB-INF cannot be accessed by outside world.
但是,另一个你可以通过在 web.xml 中设置这个约束来实现这一点
But, the other you can achieve this by having this constraint in web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name >precluded methods</web-resource-name>
<url-pattern >/repositoryFolder/*</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
另请参考:
这篇关于如何拒绝对 Tomcat 目录的 Web 访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!