Changeset 26517 for main

Show
Ignore:
Timestamp:
23.11.2012 20:19:42 (7 years ago)
Author:
ak19
Message:

Not allowing browser access to the contents of folder usersDB

Files:
1 modified

Legend:

Unmodified
Added
Removed
  • main/trunk/greenstone3/web/WEB-INF/web.xml

    r26514 r26517  
    409409  </mime-mapping> 
    410410 
     411<!-- Deny access to contents of URL pattern /usersDB/* 
     412It appears the url pattern has to be relative to the web directory (a url-pattern of /usersDB/* is insufficient), so this may need to be done for all sites. 
     413http://stackoverflow.com/questions/5333266/tomcat-deny-access-to-specific-files 
     414and http://www.coderanch.com/t/84442/Tomcat/write-correct-url-pattern-security --> 
     415  <security-constraint> 
     416    <web-resource-collection> 
     417        <web-resource-name>usersDB files</web-resource-name> 
     418        <description>No direct access to usersDB files.</description> 
     419        <url-pattern>/sites/localsite/etc/usersDB/*</url-pattern> 
     420    <!--<url-pattern>/usersDB/*</url-pattern>--> 
     421        <http-method>POST</http-method> 
     422        <http-method>GET</http-method> 
     423    </web-resource-collection> 
     424    <auth-constraint> 
     425        <description>No direct browser access to usersDB files.</description> 
     426        <role-name>NobodyHasThisRole</role-name> 
     427    </auth-constraint> 
     428  </security-constraint> 
     429 
    411430</web-app>