I’m wondering how to use GWT to hide certain files stored on the server. I have databases with passwords and such in them, and I need users to be redirected from the databases to some other page. How do I do this?
I’ve tried changing stuff in web.xml:
<servlet-mapping>
<servlet-name>SomeServer</servlet-name>
<url-pattern>/actual_url</url-pattern>
<url-pattern>/database1.db</url-pattern>
<url-pattern>/database2.db</url-pattern>
</servlet-mapping>
And
<servlet-mapping>
<servlet-name>SomeServer</servlet-name>
<url-pattern>/actual_url</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SomeServer</servlet-name>
<url-pattern>/database1.db</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SomeServer</servlet-name>
<url-pattern>/database2.db</url-pattern>
</servlet-mapping>
Both allow access to the servlet at actual_url like they should, but I can still access database1.db and database2.db.
I know I can hide these files using .htaccess for Apache, but I would prefer a GWT solution. Does anyone have any idea?
Also, if anyone can find a reference for web.xml it would be much appreciated. I have searched a fair bit and have found nothing.
EDIT: After a little more testing, I’ve found that sometimes the second methods sometimes works, sometimes it does not. Can’t tell why or under what circumstances.
If you don’t want some files to be accessible by clients, the best way is to not deploy them, or deploy them within your war’s
WEB-INForMETA-INFspecial folders.If you have to deploy them outside the
WEB-INF, then you can restrict access to them usingsecurity-constraints:Note that if you’re using AppEngine, static files are served specifically, and your
web.xmldoesn’t apply to them unless you list them in yourappengine-web.xml(see note in http://code.google.com/appengine/docs/java/config/webxml.html#Servlets_and_URL_Paths, and see http://code.google.com/appengine/docs/java/config/appconfig.html#Including_and_Excluding_Files)