I have a Tomcat server running some Jersey RESTful services and I’m using Apache to host the static content. The static content for the most part is empty, and the content is filled out via RESTful calls, but aside from the login page, I don’t want anyone to be able to browse to the other static pages directly. We have an authentication servlet that filters any requests to the REST services, but I was wondering what the best approach would be to handle the static content. I’d rather not be serving static content via Tomcat if at all possible.
Edit: I should mention that only the login page should be directly accessible with no need to be filtered, etc.
The first idea that comes to mind would be setting a Cookie when the user authenticates that you could then check for in Apache using mod_rewrite. Not sure if that works for you though…
Let me know if you’d like an example RewriteRule.
EDIT – example rule:
Assuming static content resides in a /static/ directory, the following should result in a 401 Forbidden if the user hasn’t logged in (resulting in the cookie having a value of authenticated=true).
I have used this method for directing mobile traffic, but not for restricting secure content, so I would recommend some thorough testing.
Hope that helps.
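One way to write the cookie check described in the answer above, as an added example that is not code from the original post. It assumes the rules sit in the virtual-host configuration, that the login page lives at /static/login.html (a hypothetical path), and that the authentication servlet sets the authenticated=true cookie the answer mentions.

```apache
# Added example. Assumes <VirtualHost> context (patterns keep the leading "/");
# /static/login.html is a hypothetical path for the login page.
RewriteEngine On

# The login page is reachable without any check.
RewriteCond %{REQUEST_URI} !^/static/login\.html$
# Refuse when the Cookie header has no exact authenticated=true pair.
RewriteCond %{HTTP_COOKIE} !(^|;\s*)authenticated=true(;|$)
# "-" leaves the URL alone; a non-3xx R status stops rewriting and returns it.
# Use [F] instead of [R=401,L] to answer 403 Forbidden.
RewriteRule ^/static/ - [R=401,L]
```

Any client can send authenticated=true itself, so this keeps casual visitors off the static pages but is not an access control. The authentication filter in front of the REST services remains the boundary that protects the data those pages load.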