2 Replies Latest reply on Jun 17, 2007 8:57 PM by norman.richards

    Seam security problem

    statelessbean
    statelessbean Jun 17, 2007 6:24 PM

      Hi,
      I have seam app, with folder "/myApp/pages/" restricted like:

       <page view-id="/pages/*">
 <restrict>#{identity.loggedIn}</restrict>
 <navigation from-action="#{myAction.myMethod}">
 <redirect view-id="/main_page.xhtml"/>
 </navigation>


      page access is secured but if i write:
      http://localhost:8080/myApp/pages/

      I see all of files and folders. How can I prevent this?



      • 1102 Views
      • Tags:
        • 1. Re: Seam security problem
          norman.richards Jun 17, 2007 8:57 PM (in response to statelessbean)

          You need to disable directory browsing in your web container.

          Keep in mind that an entry in pages.xml ONLY protects resources that go through Faces Servlet. It will not protect resources on the server (directory listings/static files) that aren't served through it.

            • Actions
          • 2. Re: Seam security problem
            norman.richards Jun 17, 2007 8:57 PM (in response to statelessbean)

            You need to disable directory browsing in your web container.

            Keep in mind that an entry in pages.xml ONLY protects resources that go through Faces Servlet. It will not protect resources on the server (directory listings/static files) that aren't served through it.

              • Actions