1 Reply Latest reply on Dec 9, 2008 12:12 AM by amitev

    Securing xml

    hardaur

      This almost has to be a stupid question, but I'm lost on it.


      From the browser I can access my page.xml files.


      For instance:  http://www.myhost.com/whatever/admin/userManager.page.xml


      From there if you View Source, it's there for you.  I don't have anything I'm super worried about in there, but it could give a potential attacker some hints as to architecture, security and whatnot.


      What's the right way to secure those resources (and any other non-xhtml resources that may be in the view tree).


      Thanks!
      Gerald


        • 1. Re: Securing xml
          amitev

          Put the following in web.xml:


           <security-constraint>
            <web-resource-collection>
             <web-resource-name>XML</web-resource-name>
             <url-pattern>*.xml</url-pattern>
            </web-resource-collection>
            <auth-constraint/>
           </security-constraint>
          



          This is a candidate for the documentation.