On 02/12/10 10:30 AM, glassfish_at_javadesktop.org wrote:
> I'm new to Glassfish. I've looked through the documentation but I can't seem to find exactly what I'm looking for. I would like the ability to protect certain files (say, files with a particular extension) or certain directories from being served up to the browser. Is there a way that I can specify essentially "ignore any request for a files with an extension of .xyz?"
>
> Any help is greatly appreciated. I will be more than happy to dig for the answer myself if someone can just point me in the right direction.
>
Specify a <security-constraint> with a <web-resource-collection>
subelement with one or more <url-pattern> elements matching the
resources that you would like to see protected, e.g., with a <url-pattern>
of the form:
<url-pattern>*.xyz</url-pattern>
along with an <auth-constraint> that does not name any roles.
This is a Servlet specification feature, and not particular to GlassFish
(but GlassFish being the RI implements it, of course).
See SRV 13.8:
An authorization constraint that names no roles indicates that access
to the
constrained requests must not be permitted under any circumstances.
Jan
> Thanks!
> [Message sent by forum member 'sifukurt' (kurt.kincaid_at_gmail.com)]
>
> http://forums.java.net/jive/thread.jspa?messageID=386439
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
>