I want to know how to block access to the static content folders in my web app. Right now the folders are inside the web-root folder in the WAR, like so:
myapp/
  -css/
  -js/
  -swf/
  :
  WEB-INF/
I want the content to be visible only from the application when user is in a session. The content should be blocked if someone hits the url outside his/her session (after it has expired).
It's a Groovy/Grails app with Spring, and we are using the Tomcat server.
Secure them using web security constraints. Here is a sample for restricting your folders:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>precluded methods</web-resource-name>
        <url-pattern>/css/*</url-pattern>
        <url-pattern>/js/*</url-pattern>
        <url-pattern>/swf/*</url-pattern>
    </web-resource-collection>
    <!-- An empty auth-constraint means no role is allowed: every request to these patterns is denied -->
    <auth-constraint/>
</security-constraint>
Most app servers support masking files or directories from the outside world. Please check their documentation.
Tomcat Documentation