Bobby Bissett - Javasoft wrote On 04/25/07 12:21 PM,:
> glassfish_at_javadesktop.org wrote:
>
>> I believe this article addresses our issue:
>> http://blogs.sun.com/bobby/entry/simplified_security_role_mapping
>
>
> I'm glad that helps, but it may be a little specialized, or not give
> you the whole picture. If you want users to be able to go to some URLs
> and not others, then protecting them with <security-constraint> is one
> way to go. This page of the tutorial gives a more full example than my
> little one in the blog:
>
> http://java.sun.com/javaee/5/docs/tutorial/doc/Security-Intro6.html
>
> Of course, a simple hack to not let users see the files in a directory
> is to put an index.html/jsp page there.
Or else, you could set the "listings" init parameter of the
org.apache.catalina.servlets.DefaultServlet
in your domain's default-web.xml to false (default is true).
This will avoid producing a directory listing in the absence of any
welcome page.
Jan
> Not foolproof though.
>
> Cheers,
> Bobby
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>