Reputation: 1137
I'm wondering how to use GWT to hide certain files stored on the server. I have databases with passwords and such in them, and I need users to be redirected from the databases to some other page. How do I do this?
I've tried changing stuff in web.xml:
<servlet-mapping>
    <servlet-name>SomeServer</servlet-name>
    <url-pattern>/actual_url</url-pattern>
    <url-pattern>/database1.db</url-pattern>
    <url-pattern>/database2.db</url-pattern>
</servlet-mapping>
And
<servlet-mapping>
    <servlet-name>SomeServer</servlet-name>
    <url-pattern>/actual_url</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>SomeServer</servlet-name>
    <url-pattern>/database1.db</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>SomeServer</servlet-name>
    <url-pattern>/database2.db</url-pattern>
</servlet-mapping>
Both allow access to the servlet at actual_url like they should, but I can still access database1.db and database2.db.
I know I can hide these files using .htaccess for Apache, but I would prefer a GWT solution. Does anyone have any idea?
Also, if anyone can find a reference for web.xml it would be much appreciated. I have searched a fair bit and have found nothing.
EDIT: After a little more testing, I've found that the second method sometimes works and sometimes does not. Can't tell why or under what circumstances.
Upvotes: 0
Views: 3442
Reputation: 666
As far as I'm concerned, GWT's server-side code is pure Java EE. So it seems you just need to look through the Java EE specifications to find the answer.
Another suggestion would be deploying your database access servlets in a separate application. That would allow you to use another server (real or virtual) and set up its connection properties in such a way that no one else but you could access it.
Good luck there!
Upvotes: 0
Reputation: 64551
If you don't want some files to be accessible by clients, the best way is to not deploy them, or deploy them within your war's WEB-INF or META-INF special folders.
If you have to deploy them outside the WEB-INF, then you can restrict access to them using security-constraints:
<security-constraint>
    <display-name>Denied</display-name>
    <web-resource-collection>
        <web-resource-name/> <!-- mandatory, but can be empty -->
        <url-pattern>/database1.db</url-pattern>
        <url-pattern>/database2.db</url-pattern>
        <!-- alternatively, you could simply use:
        <url-pattern>*.db</url-pattern>
        -->
    </web-resource-collection>
    <auth-constraint>
        <!-- an empty but not absent auth-constraint denies everyone -->
    </auth-constraint>
</security-constraint>
Note that if you're using AppEngine, static files are served specifically, and your web.xml doesn't apply to them unless you list them in your appengine-web.xml (see note in http://code.google.com/appengine/docs/java/config/webxml.html#Servlets_and_URL_Paths, and see http://code.google.com/appengine/docs/java/config/appconfig.html#Including_and_Excluding_Files).
Upvotes: 2
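An added example, not part of the answers above: a small Python check that reads a web.xml and reports whether a given path is covered by a deny-all security-constraint (an auth-constraint that is present but lists no role). The sample descriptor is constructed; its second constraint, the /backup/* path and the function names are assumptions made for illustration, included to show that a constraint naming an http-method only covers that method.

```python
import xml.etree.ElementTree as ET
# Constructed sample: the answer's deny-all constraint plus a GET-only one.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name/>
      <url-pattern>/database1.db</url-pattern>
      <url-pattern>/database2.db</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name/>
      <url-pattern>/backup/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix

def matches(pattern, path):
    """Servlet url-pattern rules: '/prefix/*', '*.ext', otherwise exact."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return path == pattern

def deny_status(web_xml, path):
    """Return 'denied', 'partial' (only some HTTP methods) or 'exposed'."""
    status = "exposed"
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        auth = [e for e in sc if local(e.tag) == "auth-constraint"]
        # Deny-all: auth-constraint is present and lists no role-name.
        if not auth or any(local(r.tag) == "role-name" for r in auth[0]):
            continue
        for wrc in (e for e in sc if local(e.tag) == "web-resource-collection"):
            urls = [(u.text or "").strip() for u in wrc if local(u.tag) == "url-pattern"]
            if any(matches(u, path) for u in urls):
                if not any(local(e.tag).startswith("http-method") for e in wrc):
                    return "denied"
                status = "partial"
    return status
```

The result describes web.xml only; as the answer notes, static files on AppEngine are served separately unless appengine-web.xml says otherwise.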