Unfortunately I don't know a solution to the problem, but what he's trying to do doesn't look that strange to me. I believe Luis'd like to hide his internal folder structure, probably. Struts 2 URL's are made up, don't correspond to any physical folders, but .js, .css and the like would probably have to be referenced directly by the internal folder structure of the web app. I believe he's trying to hide this, ain't that right?
On Wed, Feb 16, 2011 at 1:58 PM, Alex Lopez <alo...@flordeutopia.pt> wrote: > Correct me if I'm wrong, I think you could achieve this by doing: > in web.xml: > > <filter> > <filter-name>struts2</filter-name> > > > <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class> > </filter> > <filter-mapping> > <filter-name>struts2</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > and in struts.xml: > > <constant name="struts.action.extension" value=""/> > <constant name="struts.action.excludePattern" value="/js/.*, /css/.*, > /img/.*"/> > > so struts2 catches all url requests as actions, unless specified in the > excludePattern list. In your case, I think you would want a blank > excludePattern (although I don't see why someone would want to restrict > access to images etc... intended to be loaded as part of the page). > > > Em 16-02-2011 15:17, Luis Eric López Fernández escreveu: > > Hello there, >> >> I am new with Struts2 and I need to restrict direct access to my app's >> static content. Right now users can access to images, css, js, and pdfs by >> directly typing in the resource URL, something like: >> >> http://server:port/AppName/images/image_name.jpg >> >> Will take them to the place where the image is stored. >> >> As far as I can understand restricting that access is not something that >> can >> be done in the struts.xml file because of the following statement: >> >> "Requests for static resources, such as images and CSS files, bypass the >> controller and are handled directly by the container." >> (Struts2DesignAndProgramming, page 21) >> >> So my first attempt to fix this is by adding the following lines to the >> web.xml file: >> >> <security-constraint> >> <web-resource-collection> >> <web-resource-name>RestrictedDirectories</web-resource-name> >> >> <url-pattern>/AppName/images/*</url-pattern> >> >> </web-resource-collection> >> </security-constraint> >> >> (*) My app is running on a Websphere app server. >> >> But it does not seem to work, after performing the changes and redeploying >> the app I can still go to: http://server:port >> /AppName/images/image_name.jpg >> and the image is displayed. >> >> Do you guys have any idea on how to fix this? >> >> I appreciate your help! >> Eric >> >> > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org > For additional commands, e-mail: user-h...@struts.apache.org > >
