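I would like to have unrestricted access to the files in the web server's root directory (the welcome page), but - by default - restrict access to all URLs that resolve to subfolders.
The problem I have is that when using / or /* as the default match for restricting access, the root folder can no longer be unrestricted. There is a default "index.html" in the root directory that I want displayed when the domain is accessed. Any suggestions are appreciated.
By the way, I am using Jetty 6.1.6.
Here is a snippet of my web.xml file: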
<servlet-mapping>
    <servlet-name>SomeServlet</servlet-name>
    <url-pattern>/servlet1</url-pattern>
</servlet-mapping>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>ForbidDefaultAccess</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint/>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <!-- unauthorized -->
        <web-resource-name>GrantAccess</web-resource-name>
        <url-pattern>/some_dir/*</url-pattern>
        <url-pattern>/servlet1</url-pattern>
        <url-pattern>/</url-pattern>
    </web-resource-collection>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>AuthorizedResources</web-resource-name>
        <url-pattern>/cfg/*</url-pattern>
        <url-pattern>/fileupload/*</url-pattern>
        <url-pattern>/list/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>UserRole</role-name>
    </auth-constraint>
</security-constraint>
Thanks in advance
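Why the `/` entry in GrantAccess does not reopen the root, shown with a small Python model of the Servlet specification's rule that only the constraints on the best-matching url-pattern apply. This is an added example, not code from the post or from Jetty; the `/index.html` entry in `WITH_INDEX` is an assumption used for comparison, not something the page proposes.

```python
# Added illustration: a model of the Servlet spec's constraint selection,
# not Jetty's code. auth is None (no <auth-constraint>), [] (empty
# <auth-constraint/>: nobody) or a list of role names.
QUESTION = [
    (["/*"], None, []),                                   # ForbidDefaultAccess
    (["/some_dir/*", "/servlet1", "/"], None, None),      # GrantAccess
    (["/cfg/*", "/fileupload/*", "/list/*"], ["GET", "POST"], ["UserRole"]),
]
# Assumption (not from the page): the welcome file added as an exact pattern.
WITH_INDEX = QUESTION + [(["/index.html"], None, None)]


def best_match(path, patterns):
    """Exact match, then longest path prefix, then extension, then default '/'."""
    if path != "/" and not path.endswith("/*") and path in patterns:
        return path
    prefixes = [p for p in patterns if p.endswith("/*")
                and (path == p[:-2] or path.startswith(p[:-1]))]
    if prefixes:
        return max(prefixes, key=len)
    for p in patterns:
        if p.startswith("*.") and path.endswith(p[1:]):
            return p
    return "/" if "/" in patterns else None


def decide(constraints, path, method="GET", roles=()):
    """Return (winning url-pattern, verdict) for one request."""
    patterns = {p for pats, _, _ in constraints for p in pats}
    winner = best_match(path, patterns)
    # Only constraints on the winning pattern that cover this method count.
    auths = [auth for pats, methods, auth in constraints
             if winner in pats and (methods is None or method in methods)]
    if [] in auths:
        return winner, "deny"        # an empty auth-constraint always wins
    if not auths or None in auths:
        return winner, "permit"      # no covering constraint, or unconstrained
    allowed = {r for a in auths for r in a}
    return winner, "permit" if allowed & set(roles) else "needs-role"


if __name__ == "__main__":
    for path in ["/", "/index.html", "/servlet1", "/some_dir/a.png", "/cfg/x"]:
        print(path, decide(QUESTION, path), decide(WITH_INDEX, path))
```

The model shows only which pattern wins; whether a request for `/` itself is then served depends on how the container dispatches the welcome file.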
Best answer
Whitelisting is possible in Java J2EE 6
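<security-constraint>
    <web-resource-collection>
        <web-resource-name>Disable unneeded HTTP methods by 403 Forbidden them</web-resource-name>
        <!-- "/*" covers every path; a bare "*" is not a path-prefix pattern -->
        <url-pattern>/*</url-pattern>
        <!-- every method except the three omitted below falls under this constraint -->
        <http-method-omission>GET</http-method-omission>
        <http-method-omission>HEAD</http-method-omission>
        <http-method-omission>POST</http-method-omission>
    </web-resource-collection>
    <!-- empty auth-constraint: no role is allowed -->
    <auth-constraint />
</security-constraint>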
Reference: https://blogs.oracle.com/nithya/entry/new_security_features_in_glassfish
Regarding "java - web.xml security: how to get root unrestricted, but everything else restricted?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/15294073/