deny illegal access to files and folders in the jsp application

hi all,
 is there a way to secure my folders and files in a jsp application?
how can i show a forbidden page error when the user enters in the address bar the ff:
https://localhost:8443/myjspfolder/another_folder
or
https://localhost:8443/myjspfolder/another_folder/pic1.gif

what i'm trying to say is,they should not be able to view the file or the contents of the folder when they enter it manually in the address bar.

i'm using apache tomcat 4.0 and jdk1.3.1 and ms sql as the database.

thanks in advance!
etucyazitAsked:
Who is Participating?
 
TimYatesConnect With a Mentor Commented:
You can block:

https://localhost:8443/myjspfolder/another_folder

By putting an index.jsp page into another_folder with:

<%
    response.sendError( HttpServletResponse.SC_FORBIDDEN ) ;
%>

That should do it...
0
 
objectsCommented:
don't think u can, your app has no way of knowing whether a URL is entered directly in the address bar
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
TimYatesCommented:
For your images, there's not much you can do :-(
0
 
rrzCommented:
You could use a Filter. You could put your private files in a folder and map your Filter to it.
 doFilter method could redirect the response to a error page if user does not have a specific session attribute.
0
 
etucyazitAuthor Commented:
thank you for all your suggestions,but im having difficulty in setting up the security in the tomcat.so im considering the answer of TimYates. though i'm only giving him partial credit,coz im still looking for solution on how i can forbid the users from accessing the file directly in the address bar.
0
All Courses

From novice to tech pro — start learning today.