阻止访问静态内容文件夹 [英] blocking access to static content folders
问题描述
我想知道如何阻止访问我的网络应用程序中的静态内容文件夹.正确的文件夹在战争中的 web-root 文件夹内.像这样:
<前>我的应用程序/-css/-js/-swf/:网络信息/我希望内容仅在用户处于会话中时从应用程序中可见.如果有人在他/她的会话之外(过期后)点击了该网址,则应阻止该内容.
它是一个带有 spring 的 groovy-grails 应用程序,我们使用的是 tomcat 服务器.
- 通常,/WEB-INF 下的文件不能直接从外部访问.将此类文件保存在 /WEB-INF 下是一种很好的做法.
使用网络安全约束保护.以下是限制文件夹的示例:
<web-resource-collection><web-resource-name >排除的方法</web-resource-name><url-pattern>/css/*</url-pattern><url-pattern>/js/*</url-pattern><url-pattern >/swf/*</url-pattern></web-resource-collection><身份验证约束/></安全约束> 大多数应用服务器都支持向外界屏蔽文件或目录.请检查他们的文档.
I want to know how to block access to the static content folders in my web-app. right the folders are in inside the web-root folder in the war. like so:
myapp/ -css/ -js/ -swf/ : WEB-INF/
I want the content to be visible only from the application when user is in a session. The content should be blocked if someone hits the url outside his/her session (after it has expired).
Its a groovy-grails app with spring and we are using tomcat server.
- Normally, files under /WEB-INF are not accessible directly from outside. It is good practise to keep such files under /WEB-INF.
Securing using Web Security constraints. Here is the sample for restricting your folders:
<security-constraint> <web-resource-collection> <web-resource-name >precluded methods</web-resource-name> <url-pattern >/css/*</url-pattern> <url-pattern >/js/*</url-pattern> <url-pattern >/swf/*</url-pattern> </web-resource-collection> <auth-constraint/> </security-constraint>
Most of the app servers have the support of masking the files or directories to the outside world. Please check their documentations.
这篇关于阻止访问静态内容文件夹的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!