java:how to hide static resources like html ,images from user on jboss platfrom?

Question

I have developed a java 1.4 web application.Application is deployed on jboss(tomcat).

suppose my folder structure is

   mainfolder(contains subfolders and jsp pages)
        images(contains all of images files)
        headerfiles(header files)
        javascript(javascript files)

url for website login page is

     mywebsite.com/mainfolder/login.jsp

if user types complete url for some static resource

     mywebsite.com/mainfolder/images/myimage.jpeg

then he can view image on this url.

I want to stop user to view these resources.What should i do?

is there way some way to specigy pattern of file names which i dont want user to see. In that case i can specify *.ssi pattern to hide.

Answer 1

If those images are used in your pages, the user will HAVE TO be able to download them to see them.

This is basic HTTP. If you want to download a resource, you need to have access to it.

Preventing your users from accessing mywebsite.com/mainfolder/images/myimage.jpeg will mean you WON'T be able to use this image in your HTML or CSS.

If those files should not be available to the user but only the server, don't publish them by keeping them in a non-published folder.

Answer 2

Anything put under the webapp's WEB-INF directory cannot be directly accessed by the browser.

Answer 3

I want to stop user to view these resources. What should i do?

Honestly, this makes no utter sense. How would the client ever be able to get the static data? You can put those files in /WEB-INF (a non-published folder) to hide them from direct access, but you can never use them in your JSP pages, simply because the client isn't able anymore to directly access it.

I think the biggest misconseption here is that you didn't realize that every image, CSS file, JS file, etc counts each as a fully independent HTTP request. It is not true that the complete website is been hauled by a single HTTP request.