Answer the question
In order to leave comments, you need to log in
K
K
KhanTengri2011-04-25 13:44:06
KhanTengri, 2011-04-25 13:44:06
How to set a forbidden(HTTP 403 Error) page in Jetty?
I don't want users to be able to view lists of files in the css/* js/* img/* etc directories.
I already have a couple of ideas about this:
1. It's elementary to put index.jsp in each of the above directories;
2. Assign a filter that will redirect to 403.jsp when accessing the directory roots (css/ js/ img/)
But it seems to me that this is somewhat the wrong approach, because custom 404, 500 pages are installed quite easily by adding a few lines to the web .xml:
<font color="black"><font color="#0000ff"><</font><font color="#800000">error-page</font><font color="#0000ff">></font><br/> <font color="#0000ff"><</font><font color="#800000">error-code</font><font color="#0000ff">></font>404<font color="#0000ff"></</font><font color="#800000">error-code</font><font color="#0000ff">></font><br/> <font color="#0000ff"><</font><font color="#800000">location</font><font color="#0000ff">></font>/404.jsp<font color="#0000ff"></</font><font color="#800000">location</font><font color="#0000ff">></font><br/> <font color="#0000ff"></</font><font color="#800000">error-page</font><font color="#0000ff">></font><br/> <font color="#0000ff"><</font><font color="#800000">error-page</font><font color="#0000ff">></font><br/> <font color="#0000ff"><</font><font color="#800000">error-code</font><font color="#0000ff">></font>500<font color="#0000ff"></</font><font color="#800000">error-code</font><font color="#0000ff">></font><br/> <font color="#0000ff"><</font><font color="#800000">location</font><font color="#0000ff">></font>/500.jsp<font color="#0000ff"></</font><font color="#800000">location</font><font color="#0000ff">></font><br/> <font color="#0000ff"></</font><font color="#800000">error-page</font><font color="#0000ff">></font></font><br/> <br/> <font color="gray">* This source code was highlighted with <a href="http://virtser.net/blog/post/source-code-highlighter.aspx"><font color="gray">Source Code Highlighter</font></a>.</font>
... but I don’t know how to do 403.
ZYZH You can take it even wider: how do you set up a 403 page in servlet containers? I don't think Tomcat, Jetty, etc. they are very different in this sense ...
UPD:
In general, in the end, I did this:
<font color="black"><br/> <br/> <font color="#0000ff"><</font><font color="#800000">servlet</font><font color="#0000ff">></font><br/> <font color="#0000ff"><</font><font color="#800000">servlet-name</font><font color="#0000ff">></font>forbidden<font color="#0000ff"></</font><font color="#800000">servlet-name</font><font color="#0000ff">></font><br/> <font color="#0000ff"><</font><font color="#800000">jsp-file</font><font color="#0000ff">></font>/403.jsp<font color="#0000ff"></</font><font color="#800000">jsp-file</font><font color="#0000ff">></font><br/> <font color="#0000ff"></</font><font color="#800000">servlet</font><font color="#0000ff">></font><br/> <br/> <font color="#0000ff"><</font><font color="#800000">servlet-mapping</font><font color="#0000ff">></font><br/> <font color="#0000ff"><</font><font color="#800000">servlet-name</font><font color="#0000ff">></font>forbidden<font color="#0000ff"></</font><font color="#800000">servlet-name</font><font color="#0000ff">></font><br/> <font color="#0000ff"><</font><font color="#800000">url-pattern</font><font color="#0000ff">></font>/css/<font color="#0000ff"></</font><font color="#800000">url-pattern</font><font color="#0000ff">></font><br/> <font color="#0000ff"><</font><font color="#800000">url-pattern</font><font color="#0000ff">></font>/img/<font color="#0000ff"></</font><font color="#800000">url-pattern</font><font color="#0000ff">></font><br/> <font color="#0000ff"><</font><font color="#800000">url-pattern</font><font color="#0000ff">></font>/js/<font color="#0000ff"></</font><font color="#800000">url-pattern</font><font color="#0000ff">></font><br/> <font color="#0000ff"></</font><font color="#800000">se</font><font color="#0000ff"><</font><font color="#800000">rvlet-mapping</font><font color="#0000ff">></font></font><br/> <br/> <font color="gray">* This source code was highlighted with <a href="http://virtser.net/blog/post/source-code-highlighter.aspx"><font color="gray">Source Code Highlighter</font></a>.</font>
UPD2:
and then changed to something like this:
<security-constraint>
<display-name>show forbidden message</display-name>
<web-resource-collection>
<web-resource-name>forbidden</web-resource-name >
<url-pattern>/css/</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
1 answer(s)
@ertaquo
Source
For Jetty, too, in theory should come up.
E
ertaquo, 2011-04-25 @ertaquo
In Tomcat this can be done by adding a new section to WEB-INF/web.xml (example for /css/*):
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTP-Protected-Resource-1</web-resource-name>
<description>Description here</description>
<url-pattern>/css/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>NOSOUPFORYOU</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>DEFAULT</auth-method>
<realm-name>NOACCESSFORANYONE</realm-name>
</login-config>
<security-role>
<role-name>NOSOUPFORYOU</role-name>
</security-role>
* This source code was highlighted with Source Code Highlighter.Source
For Jetty, too, in theory should come up.
Similar questions
D
B
B
M
V
Vasiliy_Pankratov2020-05-12 09:26:14
Why am I getting a java.lang.NoClassDefFoundError error?
1Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question