deny illegal access to files and folders in the jsp application

Posted on 2004-11-21
Last Modified: 2010-04-01
Hi all,
Is there a way to secure my folders and files in a JSP application?
How can I show a forbidden page error when the user enters in the address bar the ff:

What I'm trying to say is, they should not be able to view the file or the contents of the folder when they enter it manually in the address bar.

I'm using Apache Tomcat 4.0 and JDK 1.3.1 and MS SQL as the database.

Thanks in advance!
Question by: etucyazit
    LVL 92

    Expert Comment

    Don't think you can; your app has no way of knowing whether a URL is entered directly in the address bar.
    LVL 6

    Assisted Solution

    LVL 35

    Accepted Solution

    You can block:


    By putting an index.jsp page into another_folder with:

        <% response.sendError( HttpServletResponse.SC_FORBIDDEN ); %>

    That should do it...
    LVL 35

    Expert Comment

    For your images, there's not much you can do :-(
    LVL 27

    Expert Comment

    You could use a Filter. You could put your private files in a folder and map your Filter to it.
    The doFilter method could redirect the response to an error page if the user does not have a specific session attribute.

    Author Comment

    Thank you for all your suggestions, but I'm having difficulty in setting up the security in the im considering the answer of TimYates. Though I'm only giving him partial credit, coz I'm still looking for a solution on how I can forbid the users from accessing the file directly in the address bar.
