Disallowing to show the directories in my ROOT folder

Question

I have a JSP web application project StudentApp and I configured in my server.xml as follows

< Host name="test.com" appBase="D:/StudentApp" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"> Context path="" reloadable="true" crossContext="true" > /Context> /Host>

When I started my application it is running fine. I have kept some folders in D:/StudentApp like properties,ROOT,svn and I can access all folders from my site.
For example I can access like test.com/properties etc..if I give this path correctly. I want to restrict only with ROOT folder..Have anybody came across with same type of issue? How can I make this?

Thanks for your comment.Since I have configured already some files,I can't change the location to WEB-INF. — Alex, Jul 04 '13 at 12:32
You need to. Unless you want the ugly solution with configuring the access rules of your HTTP server. — Hauke Ingmar Schmidt, Jul 10 '13 at 11:42

score 0 · Answer 1 · answered Jul 26 '13 at 12:39

As per the standard for web applciations, everything under the AppBase(except WEB-INF) is visible to the browser(if browsing directory is enabled or use types the full url of the file). So, if you do not want users to access those files, they HAVE to go under WEB-INF

score 0 · Answer 2 · answered Aug 31 '13 at 07:14

You have two options:

Develop a filter in you web application so every request must be checked before processing to your application.
Use tomcat Valve feature and develop a Valve so can narrow the request to only ROOT folder

Unless you can find a ready-to-use Valve, I recommend the first one.

Disallowing to show the directories in my ROOT folder

2 Answers2