Changeset 26576

Timestamp:

2012-12-12T14:56:32+13:00 (11 years ago)

Author:

ak19

Message:

Deny access to the Greenstone 3 log files, with greenstone.log particularly in mind. The change is made to web.xml, which will make it easier for users to choose to allow public access to these logs if they want to share the contents with the mailing list were they to encounter any GS3 problems.

File:

• main/trunk/greenstone3/web/WEB-INF/web.xml (modified) (1 diff)

main/trunk/greenstone3/web/WEB-INF/web.xml

@@ -409 +409 @@
   </mime-mapping>
 
-<!-- Deny access to contents of URL pattern /usersDB/*
-It appears the url pattern has to be relative to the web directory (a url-pattern of /usersDB/* is insufficient), so this may need to be done for all sites.
+<!-- Deny access to contents of URL pattern /logs/*, although greenstone.log is the important one. It appears the url pattern has to be relative to the web directory. 
 http://stackoverflow.com/questions/5333266/tomcat-deny-access-to-specific-files
 and http://www.coderanch.com/t/84442/Tomcat/write-correct-url-pattern-security -->
   <security-constraint>
     <web-resource-collection>
-        <web-resource-name>usersDB files</web-resource-name>
-        <description>No direct access to usersDB files.</description>
-        <url-pattern>/sites/localsite/etc/usersDB/*</url-pattern>
-    <!--<url-pattern>/usersDB/*</url-pattern>-->
+        <web-resource-name>log files</web-resource-name>
+        <description>No direct access to greenstone's logs.</description>
+        <url-pattern>/logs/*</url-pattern>
         <http-method>POST</http-method>
         <http-method>GET</http-method>
     </web-resource-collection>
     <auth-constraint>
-        <description>No direct browser access to usersDB files.</description>
+        <description>No direct browser access to log files.</description>
         <role-name>NobodyHasThisRole</role-name>
     </auth-constraint>