I've a folder inside my webapp directory.
mywebapp/repositoryFolder
This webapp is designed to accept a POST request with credentials and serve a file in the HTTP response after proper authentication. I would like to prevent web access to these files. E.g., it should not be possible to have direct access to a file from the address:
http://myserver.com/mywebapp/repositoryFolder/filename.ext
It is a good convention to keep such files under WEB-INF. Normally, the files under WEB-INF cannot be accessed by the outside world.
But the other way you can achieve this is by having this constraint in web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>precluded methods</web-resource-name>
        <url-pattern>/repositoryFolder/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
</security-constraint>
Also refer to this:
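
An added example, not part of the original answer and not the reference it points to: a Python check that reads a web.xml and reports whether a path is denied to every caller by a constraint like the one above, meaning an empty `<auth-constraint>` with no HTTP method left uncovered. The surrounding `<web-app>` element and the function names are assumptions, and the check goes slightly beyond the answer by covering extension patterns and `<http-method>` lists; it does not model best-match precedence between overlapping patterns.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the constraint from the answer inside a minimal web.xml.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>precluded methods</web-resource-name>
      <url-pattern>/repositoryFolder/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
</web-app>"""

def local(tag):
    """Strip the XML namespace so descriptors with any schema version parse."""
    return tag.rsplit("}", 1)[-1]

def pattern_matches(pattern, path):
    """Servlet url-pattern rules handled here: '/dir/*' prefix, '*.ext', exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern == path

def denied_to_everyone(web_xml, path, method="GET"):
    """True if a constraint with an empty <auth-constraint> covers path for method."""
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        auth = [e for e in sc if local(e.tag) == "auth-constraint"]
        # Deny-all means the element is present but lists no role-name.
        if not auth or any(local(r.tag) == "role-name" for r in auth[0]):
            continue
        for coll in (e for e in sc if local(e.tag) == "web-resource-collection"):
            kids = [(local(e.tag), (e.text or "").strip()) for e in coll]
            listed = [t for n, t in kids if n == "http-method"]
            omitted = [t for n, t in kids if n == "http-method-omission"]
            # No <http-method> children means every method is covered.
            covered = method not in omitted if omitted else (not listed or method in listed)
            if covered and any(n == "url-pattern" and pattern_matches(t, path) for n, t in kids):
                return True
    return False
```

Paths are relative to the context root, so the URL from the question is checked as `/repositoryFolder/filename.ext`. A constraint that lists `<http-method>` elements only covers those methods, which the check reports as not denied for the others.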