I am using a symlink in Tomcat's ROOT directory to create a "virtual directory" without using Apache or another webserver.
So I do the following on Red Hat 7.2:
ln -s /repository/assets assets
However, my problem is that a savvy user can enter the following in their browser: http://myserver.com/assets
and view all the files in this directory. Is their any way (chmod) with permissions to disable directory browsing?
The other thing I though we could do would be to change the ROOT application's web.xml to protect these symlink'ed directories.