I am running a web application in Tomcat server (OSGI based). I want to

Question

0

Asked: May 27, 20262026-05-27T15:51:21+00:00 2026-05-27T15:51:21+00:00

I am running a web application in Tomcat server (OSGI based). I want to

0

I am running a web application in Tomcat server (OSGI based). I want to restrict the user from accessing URLs like

http://localhost:53307/myapp/servlet/startPage?PAGEURL=../../myapp/x/y/license.txt

I’ve configured web.xml as

 <security-constraint>
    <web-resource-collection>
        <web-resource-name>Lic</web-resource-name>
        <url-pattern>/x/y/*</url-pattern>
    </web-resource-collection>
   <auth-constraint />
</security-constraint>

This is still allowing the user to access the above URL. I think the URL pattern looks for the string starting after the context name. It’s not looking for matching values in the query string.

I want a configuration which prevents the user from accessing a URL (including the query string) that matches the configured value. Please help me configure it.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T15:51:22+00:00

Editorial Team

2026-05-27T15:51:22+00:00Added an answer on May 27, 2026 at 3:51 pm

It’s working fine now. I made some mistake while testing.. The configuration above is fine

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am running a web application in Tomcat server (OSGI based). I want to

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply