I have developed a java 1.4 web application.Application is deployed on jboss(tomcat).
suppose my folder structure is
mainfolder(contains subfolders and jsp pages)
images(contains all of images files)
headerfiles(header files)
javascript(javascript files)
url for website login page is
mywebsite.com/mainfolder/login.jsp
if user types complete url for some static resource
mywebsite.com/mainfolder/images/myimage.jpeg
then he can view image on this url.
I want to stop user to view these resources.What should i do?
is there way some way to specigy pattern of file names which i dont want user to see. In that case i can specify *.ssi pattern to hide.
If those images are used in your pages, the user will HAVE TO be able to download them to see them.
This is basic HTTP. If you want to download a resource, you need to have access to it.
Preventing your users from accessing mywebsite.com/mainfolder/images/myimage.jpeg will mean you WON'T be able to use this image in your HTML or CSS.
If those files should not be available to the user but only the server, don't publish them by keeping them in a non-published folder.