0

Hello!

I'm trying to figure out if there is a way to hide content, for instance a html file from browser users in Tomcat.

A servlet is to check if a password is correct and if so use response.sendRedirect("example.html").

Having the example.html directly in webapps/Application folder makes it accessible to anyone by typing http://whatev.com/Application/example.html

I seem to remember that files added in WEB-INF are hidden. But then I cant seem to redirect to them.

I guess the proper way is to use a Filter, but Im really curious if it can be easily done the way I imagine. It feels that in this day of age, having content so accessible by default and make it difficult to hide, rather then the other way around, feels weird. I bet I'm missing something obvious, thus the question :)

Thanks in advance!

brat
  • 586
  • 5
  • 17

1 Answers1

0

Putting the pages into WEB-INF is the mostly used way how to do it, then there is accessible by default nearly nothing and the app decides about the fact which content is shown in which context in the application (so, also for which user). In the application you define the mapping of the url actions to such by default invisible pages - in the most of cases there are mostly some dynamically generated pages, not simple html. Mostly used way is to use some web application framework, which does it for you - like Spring framework, Struts or others.

You can also limit the access to the web application resources with the usage specific tomcat features like the definition of tomcat users and security roles - see for example this link or this example

Artur Linhart
  • 79
  • 8