"hiding" tomcat resource from outside
1 posts in topic
Flat View  Flat View

Posted By:   Eino_Jah
Posted On:   Wednesday, November 5, 2008 04:58 PM


I have an admin area in my application I want to secure.
I know I can define a security constraint to set a basic or digest authentication for a url pattern.

But, I don't want the /admin area to be shown outside at all. The basic authentication is extremely weak and digest auth. also doesn't provide enough security.

Is it possible to "hide" an url pattern on the outside, but have it available when accessing from the server machine?


Re: "hiding" tomcat resource from outside

Posted By:   Robert_Lybarger  
Posted On:   Wednesday, November 5, 2008 07:23 PM

Anything underneath WEB-INF is hidden from the outside world, but generally still available to the JSPs and servlet files elsewhere in the app (at least under Tomcat... less sure how other containers treat this).
About | Sitemap | Contact