Hello there,

I am new to Struts2 and I need to restrict direct access to my app's static content. Right now users can access images, CSS, JS, and PDFs by directly typing in the resource URL, something like:

    http://server:port/AppName/images/image_name.jpg

will take them to the place where the image is stored.

As far as I can understand, restricting that access is not something that can be done in the struts.xml file because of the following statement:

"Requests for static resources, such as images and CSS files, bypass the controller and are handled directly by the container." (Struts2DesignAndProgramming, page 21)

So my first attempt to fix this is by adding the following lines to the web.xml file:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>RestrictedDirectories</web-resource-name>
        <url-pattern>/AppName/images/*</url-pattern>
      </web-resource-collection>
    </security-constraint>

(*) My app is running on a WebSphere app server.

But it does not seem to work: after performing the changes and redeploying the app I can still go to:

    http://server:port/AppName/images/image_name.jpg

and the image is displayed.

Do you guys have any idea on how to fix this? I appreciate your help!

Eric
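
The constraint from the post beside a form the servlet container will enforce, as an added example that is not part of the original post. The role name `appuser`, the realm name and the BASIC login method are assumptions chosen for illustration; the elements go inside `<web-app>` in web.xml.

```xml
<!-- As posted (kept here commented out): url-pattern values are matched
     relative to the context root, so this pattern covers
     /AppName/AppName/images/*, not the real image directory. With no
     auth-constraint the container also requires no authentication for
     the resources it does match. -->
<!--
<security-constraint>
  <web-resource-collection>
    <web-resource-name>RestrictedDirectories</web-resource-name>
    <url-pattern>/AppName/images/*</url-pattern>
  </web-resource-collection>
</security-constraint>
-->

<!-- Corrected form (added example). -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>RestrictedDirectories</web-resource-name>
    <!-- Relative to the context root: no /AppName prefix. -->
    <url-pattern>/images/*</url-pattern>
  </web-resource-collection>
  <!-- Only authenticated users in this role may fetch the files.
       An empty <auth-constraint/> would instead deny every request,
       including the ones a browser makes for a page's own <img> tags. -->
  <auth-constraint>
    <role-name>appuser</role-name> <!-- hypothetical role -->
  </auth-constraint>
</security-constraint>

<!-- The container needs a login method to challenge unauthenticated users. -->
<login-config>
  <auth-method>BASIC</auth-method>       <!-- assumed; FORM is also valid -->
  <realm-name>AppName</realm-name>       <!-- assumed realm name -->
</login-config>

<!-- Every role referenced in an auth-constraint must be declared. -->
<security-role>
  <role-name>appuser</role-name>
</security-role>
```

The declared role still has to be mapped to real users or groups in the application server, and the server's application security must be enabled for the constraint to take effect.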