Re: [jetty-users] How to disable directory listing

Hi Jone,

Both your webdefault.xml and web.xml look OK to me. You have dirAllowed set to false, and this should suppress the default servlet from providing any directory listings.
I don't see any obvious mapping in your web.xml which might provide some kind of directory listing. Can you make sure that you get a directory listing without your webapp being installed? Then we know that Jetty is providing the dir listing. Do you get directory listings for all directories or only specific paths?

Cheers,
Thomas
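
An added example, not part of the original message or of Jetty's own code: a small auditor that merges descriptors in the order they are applied (webdefault.xml first, then web.xml) and reports the effective dirAllowed value and URL patterns for every servlet of class org.eclipse.jetty.servlet.DefaultServlet. It assumes DefaultServlet consults a context init-param named org.eclipse.jetty.servlet.Default.dirAllowed before its own init-param and falls back to true; both sample descriptors are constructed for illustration, and the second is not the web.xml posted in this thread.

```python
import xml.etree.ElementTree as ET

DEFAULT_SERVLET = "org.eclipse.jetty.servlet.DefaultServlet"
# Assumption: a context init-param with this prefix takes precedence over
# the servlet's own init-param when DefaultServlet reads its settings.
CONTEXT_PREFIX = "org.eclipse.jetty.servlet.Default."


def _local(tag):
    """Strip an XML namespace, so descriptors with or without xmlns work."""
    return tag.rsplit("}", 1)[-1]


def _children(parent, name):
    return [c for c in parent if _local(c.tag) == name]


def _text(parent, name):
    found = _children(parent, name)
    return (found[0].text or "").strip() if found else None


def _params(parent, wrapper):
    """Collect param-name/param-value pairs from <context-param>/<init-param>."""
    return {_text(p, "param-name"): _text(p, "param-value")
            for p in _children(parent, wrapper)}


def _as_bool(value, default):
    # Assumption: values starting with t, T, y, Y or 1 are treated as true.
    if not value:
        return default
    return value[0] in "tTyY1"


def audit(descriptors):
    """Return one finding per DefaultServlet across the merged descriptors."""
    context, servlets, patterns = {}, {}, {}
    for xml_text in descriptors:
        root = ET.fromstring(xml_text)
        context.update(_params(root, "context-param"))
        for servlet in _children(root, "servlet"):
            name = _text(servlet, "servlet-name")
            entry = servlets.setdefault(name, {"class": None, "init": {}})
            entry["class"] = _text(servlet, "servlet-class") or entry["class"]
            entry["init"].update(_params(servlet, "init-param"))
        for mapping in _children(root, "servlet-mapping"):
            name = _text(mapping, "servlet-name")
            patterns.setdefault(name, []).extend(
                (u.text or "").strip() for u in _children(mapping, "url-pattern"))

    report = []
    for name, entry in servlets.items():
        if entry["class"] != DEFAULT_SERVLET:
            continue
        ctx_value = context.get(CONTEXT_PREFIX + "dirAllowed")
        init_value = entry["init"].get("dirAllowed")
        if ctx_value:
            source, raw = "context-param", ctx_value
        elif init_value:
            source, raw = "init-param", init_value
        else:
            source, raw = "built-in default", None
        report.append({
            "servlet": name,
            "dirAllowed": _as_bool(raw, True),
            "source": source,
            "patterns": patterns.get(name, []),
        })
    return report


# Constructed sample: the default-servlet part of a webdefault.xml with
# listings disabled, mapped the way the descriptor in this thread maps it.
WEBDEFAULT = """
<web-app version="2.5">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
    <init-param>
      <param-name>dirAllowed</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>/dgds</url-pattern>
  </servlet-mapping>
</web-app>
"""

# Constructed sample: an application web.xml that re-enables listings
# through the context-param override (hypothetical, for the failure case).
WEBAPP_OVERRIDE = """
<web-app version="2.5">
  <context-param>
    <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
    <param-value>true</param-value>
  </context-param>
</web-app>
"""

if __name__ == "__main__":
    for finding in audit([WEBDEFAULT, WEBAPP_OVERRIDE]):
        print(finding)
```

A finding whose source is not the init-param you edited, or whose pattern list does not cover the path showing the listing, points at another descriptor or another servlet as the place to look.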

On 8/10/11 8:46 AM, Jone Lura wrote:
Hi Thomas,

webdefault.xml (I tried to remove the welcome files)

<?xml version="1.0" encoding="ISO-8859-1"?>

  <!-- ===================================================================== -->
  <!-- This file contains the default descriptor for web applications.       -->
  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -->
  <!-- The intent of this descriptor is to include jetty specific or common  -->
  <!-- configuration for all webapps.   If a context has a webdefault.xml    -->
  <!-- descriptor, it is applied before the contexts own web.xml file        -->
  <!--                                                                       -->
  <!-- A context may be assigned a default descriptor by:                    -->
  <!--  + Calling WebApplicationContext.setDefaultsDescriptor                -->
  <!--  + Passed an arg to addWebApplications                                -->
  <!--                                                                       -->
  <!-- This file is used both as the resource within the jetty.jar (which is -->
  <!-- used as the default if no explicit defaults descriptor is set) and it -->
  <!-- is copied to the etc directory of the Jetty distro and explicitly     -->
  <!-- by the jetty.xml file.                                                -->
  <!--                                                                       -->
  <!-- ===================================================================== -->
<web-app
  metadata-complete="true"
  version="2.5"
>

  <description>
    Default web.xml file.  
    This file is applied to a Web application before it's own WEB_INF/web.xml file
  </description>


  <!-- ==================================================================== -->
  <!-- Context params to control Session Cookies                            -->
  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  -->
  <!--
    UNCOMMENT TO ACTIVATE <context-param> <param-name>org.eclipse.jetty.servlet.SessionDomain</param-name> <param-value>127.0.0.1</param-value> </context-param> <context-param>
    <param-name>org.eclipse.jetty.servlet.SessionPath</param-name> <param-value>/</param-value> </context-param> <context-param> <param-name>org.eclipse.jetty.servlet.MaxAge</param-name>
    <param-value>-1</param-value> </context-param>
  -->

  <!-- ==================================================================== -->
  <!-- The default servlet.                                                 -->
  <!-- This servlet, normally mapped to /, provides the handling for static -->
  <!-- content, OPTIONS and TRACE methods for the context.                  -->
  <!-- The following initParameters are supported:                          -->
  <!--  
 *  acceptRanges      If true, range requests and responses are
 *                    supported
 *
 *  dirAllowed        If true, directory listings are returned if no
 *                    welcome file is found. Else 403 Forbidden.
 *
 *  welcomeServlets   If true, attempt to dispatch to welcome files
 *                    that are servlets, but only after no matching static
 *                    resources could be found. If false, then a welcome
 *                    file must exist on disk. If "exact", then exact
 *                    servlet matches are supported without an existing file.
 *                    Default is true.
 *
 *                    This must be false if you want directory listings,
 *                    but have index.jsp in your welcome file list.
 *
 *  redirectWelcome   If true, welcome files are redirected rather than
 *                    forwarded to.
 *
 *  gzip              If set to true, then static content will be served as
 *                    gzip content encoded if a matching resource is
 *                    found ending with ".gz"
 *
 *  resourceBase      Set to replace the context resource base
 *
 *  resourceCache     If set, this is a context attribute name, which the servlet 
 *                    will use to look for a shared ResourceCache instance. 
 *                        
 *  relativeResourceBase
 *                    Set with a pathname relative to the base of the
 *                    servlet context root. Useful for only serving static content out
 *                    of only specific subdirectories.
 *
 *  aliases           If True, aliases of resources are allowed (eg. symbolic
 *                    links and caps variations). May bypass security constraints.
 *
 *  maxCacheSize      The maximum total size of the cache or 0 for no cache.
 *  maxCachedFileSize The maximum size of a file to cache
 *  maxCachedFiles    The maximum number of files to cache
 *
 *  useFileMappedBuffer
 *                    If set to true, it will use mapped file buffer to serve static content
 *                    when using NIO connector. Setting this value to false means that
 *                    a direct buffer will be used instead of a mapped file buffer.
 *                    By default, this is set to true.
 *
 *  cacheControl      If set, all static content will have this value set as the cache-control
 *                    header.
 -->

 

 

  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  -->
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
    <init-param>
      <param-name>aliases</param-name>
      <param-value>false</param-value>
    </init-param>
    <init-param>
      <param-name>acceptRanges</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>dirAllowed</param-name>
      <param-value>false</param-value>
    </init-param>
    <init-param>
      <param-name>welcomeServlets</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>redirectWelcome</param-name>
      <param-value>false</param-value>
    </init-param>
    <init-param>
      <param-name>maxCacheSize</param-name>
      <param-value>256000000</param-value>
    </init-param>
    <init-param>
      <param-name>maxCachedFileSize</param-name>
      <param-value>200000000</param-value>
    </init-param>
    <init-param>
      <param-name>maxCachedFiles</param-name>
      <param-value>2048</param-value>
    </init-param>
    <init-param>
      <param-name>gzip</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>useFileMappedBuffer</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>resourceCache</param-name>
      <param-value>resourceCache</param-value>
    </init-param>
    <!--
    <init-param>
      <param-name>cacheControl</param-name>
      <param-value>max-age=3600,public</param-value>
    </init-param>
    -->
    <load-on-startup>0</load-on-startup>
  </servlet>

  <servlet-mapping>
    <servlet-name>default</servlet-name>
    <url-pattern>/dgds</url-pattern>
  </servlet-mapping>


  <!-- ==================================================================== -->
  <!-- JSP Servlet                                                          -->
  <!-- This is the jasper JSP servlet from the jakarta project              -->
  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  -->
  <!-- The JSP page compiler and execution servlet, which is the mechanism  -->
  <!-- used by Glassfish to support JSP pages.  Traditionally, this servlet -->
  <!-- is mapped to URL pattern "*.jsp".  This servlet supports the         -->
  <!-- following initialization parameters (default values are in square    -->
  <!-- brackets):                                                           -->
  <!--                                                                      -->
  <!--   checkInterval       If development is false and reloading is true, -->
  <!--                       background compiles are enabled. checkInterval -->
  <!--                       is the time in seconds between checks to see   -->
  <!--                       if a JSP page needs to be recompiled. [300]    -->
  <!--                                                                      -->
  <!--   compiler            Which compiler Ant should use to compile JSP   -->
  <!--                       pages.  See the Ant documentation for more     -->
  <!--                       information. [javac]                           -->
  <!--                                                                      -->
  <!--   classdebuginfo      Should the class file be compiled with         -->
  <!--                       debugging information?  [true]                 -->
  <!--                                                                      -->
  <!--   classpath           What class path should I use while compiling   -->
  <!--                       generated servlets?  [Created dynamically      -->
  <!--                       based on the current web application]          -->
  <!--                       Set to ? to make the container explicitly set  -->
  <!--                       this parameter.                                -->
  <!--                                                                      -->
  <!--   development         Is Jasper used in development mode (will check -->
  <!--                       for JSP modification on every access)?  [true] -->
  <!--                                                                      -->
  <!--   enablePooling       Determines whether tag handler pooling is      -->
  <!--                       enabled  [true]                                -->
  <!--                                                                      -->
  <!--   fork                Tell Ant to fork compiles of JSP pages so that -->
  <!--                       a separate JVM is used for JSP page compiles   -->
  <!--                       from the one Tomcat is running in. [true]      -->
  <!--                                                                      -->
  <!--   ieClassId           The class-id value to be sent to Internet      -->
  <!--                       Explorer when using <jsp:plugin> tags.         -->
  <!--                       [clsid:8AD9C840-044E-11D1-B3E9-00805F499D93]   -->
  <!--                                                                      -->
  <!--   javaEncoding        Java file encoding to use for generating java  -->
  <!--                       source files. [UTF-8]                          -->
  <!--                                                                      -->
  <!--   keepgenerated       Should we keep the generated Java source code  -->
  <!--                       for each page instead of deleting it? [true]   -->
  <!--                                                                      -->
  <!--   logVerbosityLevel   The level of detailed messages to be produced  -->
  <!--                       by this servlet.  Increasing levels cause the  -->
  <!--                       generation of more messages.  Valid values are -->
  <!--                       FATAL, ERROR, WARNING, INFORMATION, and DEBUG. -->
  <!--                       [WARNING]                                      -->
  <!--                                                                      -->
  <!--   mappedfile          Should we generate static content with one     -->
  <!--                       print statement per input line, to ease        -->
  <!--                       debugging?  [false]                            -->
  <!--                                                                      -->
  <!--                                                                      -->
  <!--   reloading           Should Jasper check for modified JSPs?  [true] -->
  <!--                                                                      -->
  <!--   suppressSmap        Should the generation of SMAP info for JSR45   -->
  <!--                       debugging be suppressed?  [false]              -->
  <!--                                                                      -->
  <!--   dumpSmap            Should the SMAP info for JSR45 debugging be    -->
  <!--                       dumped to a file? [false]                      -->
  <!--                       False if suppressSmap is true                  -->
  <!--                                                                      -->
  <!--   scratchdir          What scratch directory should we use when      -->
  <!--                       compiling JSP pages?  [default work directory  -->
  <!--                       for the current web application]               -->
  <!--                                                                      -->
  <!--   tagpoolMaxSize      The maximum tag handler pool size  [5]         -->
  <!--                                                                      -->
  <!--   xpoweredBy          Determines whether X-Powered-By response       -->
  <!--                       header is added by generated servlet  [false]  -->
  <!--                                                                      -->
  <!-- If you wish to use Jikes to compile JSP pages:                       -->
  <!--   Set the init parameter "compiler" to "jikes".  Define              -->
  <!--   the property "-Dbuild.compiler.emacs=true" when starting Jetty     -->
  <!--   to cause Jikes to emit error messages in a format compatible with  -->
  <!--   Jasper.                                                            -->
  <!--   If you get an error reporting that jikes can't use UTF-8 encoding, -->
  <!--   try setting the init parameter "javaEncoding" to "ISO-8859-1".     -->
  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  -->
  <servlet
    id="jsp"
  >
    <servlet-name>jsp</servlet-name>
    <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
    <init-param>
      <param-name>logVerbosityLevel</param-name>
      <param-value>DEBUG</param-value>
    </init-param>
    <init-param>
      <param-name>fork</param-name>
      <param-value>false</param-value>
    </init-param>
    <init-param>
      <param-name>xpoweredBy</param-name>
      <param-value>false</param-value>
    </init-param>
    <!--  
    <init-param>
        <param-name>classpath</param-name>
        <param-value>?</param-value>
    </init-param>
    -->
    <load-on-startup>0</load-on-startup>
  </servlet>

  <servlet-mapping>
    <servlet-name>jsp</servlet-name>
    <url-pattern>*.jsp</url-pattern>
    <url-pattern>*.jspf</url-pattern>
    <url-pattern>*.jspx</url-pattern>
    <url-pattern>*.xsp</url-pattern>
    <url-pattern>*.JSP</url-pattern>
    <url-pattern>*.JSPF</url-pattern>
    <url-pattern>*.JSPX</url-pattern>
    <url-pattern>*.XSP</url-pattern>
  </servlet-mapping>

  <!-- ==================================================================== -->
  <!-- Dynamic Servlet Invoker.                                             -->
  <!-- This servlet invokes anonymous servlets that have not been defined   -->
  <!-- in the web.xml or by other means. The first element of the pathInfo  -->
  <!-- of a request passed to the invoker is treated as a servlet name for  -->
  <!-- an existing servlet, or as a class name of a new servlet.            -->
  <!-- This servlet is normally mapped to /servlet/*                        -->
  <!-- This servlet support the following initParams:                       -->
  <!--                                                                      -->
  <!--  nonContextServlets       If false, the invoker can only load        -->
  <!--                           servlets from the contexts classloader.    -->
  <!--                           This is false by default and setting this  -->
  <!--                           to true may have security implications.    -->
  <!--                                                                      -->
  <!--  verbose                  If true, log dynamic loads                 -->
  <!--                                                                      -->
  <!--  *                        All other parameters are copied to the     -->
  <!--                           each dynamic servlet as init parameters    -->
  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  -->
  <!--
    Uncomment for dynamic invocation <servlet> <servlet-name>invoker</servlet-name> <servlet-class>org.eclipse.jetty.servlet.Invoker</servlet-class> <init-param> <param-name>verbose</param-name>
    <param-value>false</param-value> </init-param> <init-param> <param-name>nonContextServlets</param-name> <param-value>false</param-value> </init-param> <init-param>
    <param-name>dynamicParam</param-name> <param-value>anyValue</param-value> </init-param> <load-on-startup>0</load-on-startup> </servlet> <servlet-mapping> <servlet-name>invoker</servlet-name>
    <url-pattern>/servlet/*</url-pattern> </servlet-mapping>
  -->



  <!-- ==================================================================== -->
  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>

  <!-- ==================================================================== -->
  <!-- Default MIME mappings                                                -->
  <!-- The default MIME mappings are provided by the mime.properties        -->
  <!-- resource in the org.eclipse.jetty.server.jar file.  Additional or modified  -->
  <!-- mappings may be specified here                                       -->
  <!-- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  -->
  <!-- UNCOMMENT TO ACTIVATE
  <mime-mapping>
    <extension>mysuffix</extension>
    <mime-type>mymime/type</mime-type>
  </mime-mapping>
  -->

  <!-- ==================================================================== -->

 

  <!-- ==================================================================== -->
  <locale-encoding-mapping-list>
    <locale-encoding-mapping>
      <locale>ar</locale>
      <encoding>ISO-8859-6</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>be</locale>
      <encoding>ISO-8859-5</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>bg</locale>
      <encoding>ISO-8859-5</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>ca</locale>
      <encoding>ISO-8859-1</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>cs</locale>
      <encoding>ISO-8859-2</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>da</locale>
      <encoding>ISO-8859-1</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>de</locale>
      <encoding>ISO-8859-1</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>el</locale>
      <encoding>ISO-8859-7</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>en</locale>
      <encoding>ISO-8859-1</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>es</locale>
      <encoding>ISO-8859-1</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>et</locale>
      <encoding>ISO-8859-1</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>fi</locale>
      <encoding>ISO-8859-1</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>fr</locale>
      <encoding>ISO-8859-1</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>hr</locale>
      <encoding>ISO-8859-2</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>hu</locale>
      <encoding>ISO-8859-2</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>is</locale>
      <encoding>ISO-8859-1</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>it</locale>
      <encoding>ISO-8859-1</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>iw</locale>
      <encoding>ISO-8859-8</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>ja</locale>
      <encoding>Shift_JIS</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>ko</locale>
      <encoding>EUC-KR</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>lt</locale>
      <encoding>ISO-8859-2</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>lv</locale>
      <encoding>ISO-8859-2</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>mk</locale>
      <encoding>ISO-8859-5</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>nl</locale>
      <encoding>ISO-8859-1</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>no</locale>
      <encoding>ISO-8859-1</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>pl</locale>
      <encoding>ISO-8859-2</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>pt</locale>
      <encoding>ISO-8859-1</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>ro</locale>
      <encoding>ISO-8859-2</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>ru</locale>
      <encoding>ISO-8859-5</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>sh</locale>
      <encoding>ISO-8859-5</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>sk</locale>
      <encoding>ISO-8859-2</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>sl</locale>
      <encoding>ISO-8859-2</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>sq</locale>
      <encoding>ISO-8859-2</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>sr</locale>
      <encoding>ISO-8859-5</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>sv</locale>
      <encoding>ISO-8859-1</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>tr</locale>
      <encoding>ISO-8859-9</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>uk</locale>
      <encoding>ISO-8859-5</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>zh</locale>
      <encoding>GB2312</encoding>
    </locale-encoding-mapping>
    <locale-encoding-mapping>
      <locale>zh_TW</locale>
      <encoding>Big5</encoding>
    </locale-encoding-mapping>
  </locale-encoding-mapping-list>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Disable TRACE</web-resource-name>
      <url-pattern>/</url-pattern>
      <http-method>TRACE</http-method>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>

</web-app>


And this is the web.xml for my application

<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app metadata-complete="true" version="2.5">

<display-name>GDS</display-name>


<!-- JSF2 -->


<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>


<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>


<!-- Primefaces Upload -->
<filter>
        <filter-name>PrimeFaces FileUpload Filter</filter-name>
        <filter-class>
            org.primefaces.webapp.filter.FileUploadFilter
        </filter-class>
    </filter>

    <filter-mapping>
        <filter-name>PrimeFaces FileUpload Filter</filter-name>
        <servlet-name>Faces Servlet</servlet-name>
    </filter-mapping>

    

    <context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>

    

<!-- end Primefaces Upload -->



<!-- OIOSAML -->

<context-param>
<param-name>oiosaml-j.home</param-name>
<param-value>../server/gds/conf/oio/@@instance@@
</param-value>
</context-param>

<servlet>
<servlet-name>SAMLDispatcherServlet
</servlet-name>
<servlet-class>dk.itst.oiosaml.sp.service.DispatcherServlet
</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>SAMLDispatcherServlet
</servlet-name>
<url-pattern>/saml/*</url-pattern>
</servlet-mapping>

<filter>
<filter-name>ApplicationContextFilter
</filter-name>
<filter-class>no.ecc.gds.config.ApplicationContextFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>ApplicationContextFilter
</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>



<filter>
<filter-name>LoginFilter</filter-name>
<filter-class>no.ecc.gds.security.LoginFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/inspector/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/vesseldb/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/gds/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/download/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/vrc/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/svpn/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/appletParameters/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/wms_session/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/wfs_session/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/map/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/j_spring_security_check</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/j_spring_security_logout</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFilter</filter-name>
<url-pattern>/portal/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>


<!-- Spring Config -->
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>


<!-- ConfigureListener is not generally required. Due to an apparent bug in 
     Tomcat users have reported seeing the following error "SEVERE: ICEfaces 
     could not initialize JavaServer Faces. Please check that the JSF .jar files 
     are installed correctly.". Specifying the ConfigureListener resolves the 
     issue.--> 
<!--    <listener> 
        <listener-class>com.sun.faces.config.ConfigureListener</listener-class> 
    </listener>-->

<!-- Primefaces Theme -->


<context-param>  
    <param-name>primefaces.THEME</param-name>  
    <param-value>none</param-value>  
</context-param>

<!-- end primefaces theme -->

<!--
Listener needed to start Faces servlets in embedded application server mode.


Known issue with embedded Jetty and Glassfish.


-->
<listener>
<listener-class>com.sun.faces.config.ConfigureListener</listener-class> 
</listener>

<listener>
<listener-class>no.ecc.gds.utility.GDSServletContextListener
</listener-class>
</listener>

<filter>
<filter-name>DataContextCleanupFilter
</filter-name>
<filter-class>no.ecc.gds.utility.DataContextCleanupFilter
</filter-class>
</filter>
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter
</filter-class>
</filter>
<filter>
<filter-name>GdsAccessFilter</filter-name>
<filter-class>no.ecc.gds.security.GdsAccessFilter
</filter-class>
<init-param>
<param-name>AccessRole</param-name>
<param-value>VPN</param-value>
</init-param>
</filter>

<filter-mapping>
<filter-name>DataContextCleanupFilter
</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
<init-param>
<param-name>logLevel</param-name>
<param-value>WARN</param-value>
</init-param>
</filter-mapping>
<filter-mapping>
<filter-name>GdsAccessFilter</filter-name>
<url-pattern>/gds/*</url-pattern>
</filter-mapping>

<servlet>
<servlet-name>FrontController</servlet-name>
<servlet-class>no.ecc.gds.vpn.FrontController
</servlet-class>
</servlet>

<servlet>
<servlet-name>click-servlet</servlet-name>
<servlet-class>net.sf.click.ClickServlet
</servlet-class>
<load-on-startup>0</load-on-startup>
</servlet>
<servlet>
<servlet-name>ServletClientAuthorization
</servlet-name>
<servlet-class>no.ecc.gds.ServletClientAuthorization
</servlet-class>
</servlet>
<servlet>
<servlet-name>ServletParameters</servlet-name>
<servlet-class>no.ecc.gds.srvlAppletParameters
</servlet-class>
</servlet>
<servlet>
<servlet-name>InvoiceOrdersReportDownload
</servlet-name>
<servlet-class>no.ecc.gds.srvlInvoiceReportDownload
</servlet-class>
</servlet>
<servlet>
<servlet-name>Delete</servlet-name>
<servlet-class>no.ecc.gds.srvlDelete
</servlet-class>
</servlet>
<servlet>
<servlet-name>Download</servlet-name>
<servlet-class>no.ecc.gds.srvlDownload
</servlet-class>
</servlet>
<servlet>
<servlet-name>Save</servlet-name>
<servlet-class>no.ecc.gds.srvlSave</servlet-class>
</servlet>
<servlet>
<servlet-name>Upload</servlet-name>
<servlet-class>no.ecc.gds.srvlUploadFile
</servlet-class>
</servlet>
<servlet>
<servlet-name>Release</servlet-name>
<servlet-class>no.ecc.gds.srvlRelease
</servlet-class>
</servlet>
<servlet>
<servlet-name>SystemStatus</servlet-name>
<servlet-class>no.ecc.gds.ServletSystemStatus
</servlet-class>
</servlet>
<servlet>
<servlet-name>ServletCatalogue</servlet-name>
<servlet-class>no.ecc.gds.catalogue.ServletCatalogue
</servlet-class>
</servlet>
<servlet>
<servlet-name>ServletRefreshCatalogue</servlet-name>
<servlet-class>no.ecc.gds.catalogue.ServletRefreshCatalogue</servlet-class>
</servlet>
<servlet>
<servlet-name>MetadataServlet</servlet-name>
<servlet-class>no.ecc.gds.catalogue.MetadataServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>VrcCompleteValidatonPdf</servlet-name>
<servlet-class>no.ecc.gds.web.servlet.VrcValidationReportServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>VrcReportServlet</servlet-name>
<servlet-class>no.ecc.gds.web.servlet.VrcReportServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>VrcClientServlet</servlet-name>
<servlet-class>no.ecc.gds.web.servlet.VrcClientServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>RemoteUpdateServlet</servlet-name>
<servlet-class>no.ecc.gds.remote.RemoteUpdateServlet
</servlet-class>
</servlet>
<servlet>
<servlet-name>GdsFileServlet</servlet-name>
<servlet-class>no.ecc.gds.image.GdsFileServlet
</servlet-class>
</servlet>
<servlet>
<servlet-name>ExchangeSetLoaderServlet
</servlet-name>
<servlet-class>no.ecc.gds.load.ExchangeSetLoaderServlet
</servlet-class>
</servlet>
<servlet>
<servlet-name>AxisServletSessionAuth</servlet-name>
<display-name>Apache-Axis Servlet Session Auth</display-name>
<servlet-class>no.ecc.gds.ws.servlet.AxisServletSessionAuth</servlet-class>
</servlet>
<servlet>
<servlet-name>AxisServletBasicAuth</servlet-name>
<display-name>Apache-Axis Servlet Basic Auth</display-name>
<servlet-class>no.ecc.gds.ws.servlet.AxisServletBasicAuth</servlet-class>
<init-param>
<param-name>axis.servicesPath</param-name>
<param-value>/services_basic/</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>WmsServletBasicAuth</servlet-name>
<servlet-class>no.ecc.gds.wms.WmsServletBasicAuth
</servlet-class>
</servlet>
<servlet>
<servlet-name>WmsServletSessionAuth
</servlet-name>
<servlet-class>no.ecc.gds.wms.WmsServletSessionAuth
</servlet-class>
</servlet>
<servlet>
<servlet-name>WmsServletIpAuth</servlet-name>
<servlet-class>no.ecc.gds.wms.WmsServletIpAuth
</servlet-class>
</servlet>
<servlet>
<servlet-name>WmsServletTicketAuth</servlet-name>
<servlet-class>no.ecc.gds.wms.WmsServletTicketAuth
</servlet-class>
</servlet>
<servlet>
<servlet-name>BaatTicketServlet</servlet-name>
<servlet-class>no.ecc.gds.security.BaatTicketServlet
</servlet-class>
</servlet>
<servlet>
<servlet-name>DeegreeServletBasicAuth</servlet-name>
<servlet-class>no.ecc.gds.deegree.DeegreeServletBasicAuth</servlet-class>
  </servlet>
<servlet>
<servlet-name>DeegreeServletSessionAuth</servlet-name>
<servlet-class>no.ecc.gds.deegree.DeegreeServletSessionAuth</servlet-class>
  </servlet>
<servlet>
<servlet-name>NewsUrlServlet</servlet-name>
<servlet-class>no.ecc.gds.web.servlet.NewsUrlServlet</servlet-class>
</servlet>

<servlet>
<servlet-name>pageRedirectServlet</servlet-name>
<servlet-class>no.ecc.gds.PageRedirectServlet
</servlet-class>
</servlet>

<servlet>
<servlet-name>FeedServlet</servlet-name>
<servlet-class>no.ecc.gds.web.servlet.FeedServlet
</servlet-class>
<init-param>
<param-name>default.feed.type</param-name>
<param-value>rss_2.0</param-value>
</init-param>
</servlet>
<servlet>
<servlet-name>NewsFeedImageServlet</servlet-name>
<servlet-class>no.ecc.gds.web.servlet.NewsFeedImageServlet
</servlet-class>
</servlet>


<servlet>
<servlet-name>VrcFileServlet</servlet-name>
<servlet-class>no.ecc.gds.web.servlet.VrcFileServlet</servlet-class>
</servlet>

<servlet-mapping>
<servlet-name>VrcFileServlet</servlet-name>
<url-pattern>/vrc/file/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>FeedServlet</servlet-name>
<url-pattern>/feed/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>FeedServlet</servlet-name>
<url-pattern>/feed</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>FrontController</servlet-name>
<url-pattern>/vpn/controller/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>FrontController</servlet-name>
<url-pattern>/gds/vpn/controller/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>FrontController</servlet-name>
<url-pattern>/svpn/controller/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>VrcCompleteValidatonPdf</servlet-name>
<url-pattern>/vrcCompleteValidatonPdf</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>VrcReportServlet</servlet-name>
<url-pattern>/vrc/vrcReportPdf</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>VrcClientServlet</servlet-name>
<url-pattern>/vrc-client/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>click-servlet</servlet-name>
<!--
TODO: *.htm makes click take over vrc templates => err.
-->
<url-pattern>/page/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>RemoteUpdateServlet</servlet-name>
<url-pattern>/remoteupdate</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>RemoteUpdateServlet</servlet-name>
<url-pattern>/remoteupdate/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>GdsFileServlet</servlet-name>
<url-pattern>/gdsFile/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ServletClientAuthorization
</servlet-name>
<url-pattern>/client/authorization</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ExchangeSetLoaderServlet
</servlet-name>
<url-pattern>/client/exchangeSetLoader
</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ServletParameters</servlet-name>
<url-pattern>/vpn/appletParameters</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ServletParameters</servlet-name>
<url-pattern>/appletParameters</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Delete</servlet-name>
<url-pattern>/vpn/delete</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Delete</servlet-name>
<url-pattern>/svpn/delete</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Download</servlet-name>
<url-pattern>/vpn/download</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Download</servlet-name>
<url-pattern>/svpn/download</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>InvoiceOrdersReportDownload
</servlet-name>
<url-pattern>/download/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Save</servlet-name>
<url-pattern>/vpn/save</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Save</servlet-name>
<url-pattern>/svpn/save</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Upload</servlet-name>
<url-pattern>/vpn/upload_file</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Upload</servlet-name>
<url-pattern>/svpn/upload_file</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Release</servlet-name>
<url-pattern>/svpn/cellrelease</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Release</servlet-name>
<url-pattern>/vpn/cellrelease</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SystemStatus</servlet-name>
<url-pattern>/status</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ServletCatalogue</servlet-name>
<url-pattern>/catalogue.zip</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ServletCatalogue</servlet-name>
<url-pattern>/catalogue.ctl</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ServletCatalogue</servlet-name>
<url-pattern>/cataloguecache</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ServletRefreshCatalogue
</servlet-name>
<url-pattern>/refreshcatalogue</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>MetadataServlet</servlet-name>
<url-pattern>/metadata/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AxisServletSessionAuth</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AxisServletBasicAuth</servlet-name>
<url-pattern>/services_basic/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>WmsServletBasicAuth</servlet-name>
<url-pattern>/wms/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>WmsServletSessionAuth
</servlet-name>
<url-pattern>/wms_session/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>WmsServletIpAuth</servlet-name>
<url-pattern>/wms_ip/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>WmsServletTicketAuth</servlet-name>
<url-pattern>/wms_ticket/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>BaatTicketServlet</servlet-name>
<url-pattern>/ticketreq</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DeegreeServletBasicAuth</servlet-name>
<url-pattern>/wfs/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>DeegreeServletSessionAuth</servlet-name>
<url-pattern>/wfs_session/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>pageRedirectServlet</servlet-name>
<url-pattern>/portal/page/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>NewsUrlServlet</servlet-name>
<url-pattern>/portal/news/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>NewsFeedImageServlet</servlet-name>
<url-pattern>/portal/news/mainImage</url-pattern>
</servlet-mapping>



<session-config>
<session-timeout>240</session-timeout>
</session-config>

<mime-mapping>
<extension>ico</extension>
<mime-type>image/x-icon</mime-type>
</mime-mapping>

<error-page>
<exception-type>no.ecc.gds.web.utils.GdsFacesServletException
</exception-type>
<location>/portal/public/error.jsf</location>
</error-page>
<error-page>
<exception-type>no.ecc.gds.web.utils.GdsFacesIOException
</exception-type>
<location>/portal/public/error.jsf</location>
</error-page>
<error-page>
<exception-type>javax.faces.FacesException
</exception-type>
<location>/portal/public/error.jsf</location>
</error-page>

<!--
welcome-file-list> <welcome-file>index.html</welcome-file>
</welcome-file-list
-->

<!-- ### Security -->

<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted - admin</web-resource-name>
<description>Declarative security tests</description>
<url-pattern>/vpn/controller/admin/*
</url-pattern>
<url-pattern>/vpn/controller/util/*
</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ADMIN</role-name>
</auth-constraint>
<user-data-constraint>
<description>no description</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted - admin</web-resource-name>
<description>Declarative security tests</description>
<url-pattern>
/vpn/controller/util/generateUserPermit
</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>MARKETING</role-name>
<role-name>ADMIN</role-name>
</auth-constraint>
<user-data-constraint>
<description>no description</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted - client</web-resource-name>
<description>Declarative security tests</description>
<url-pattern>/client/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>VPN</role-name>
</auth-constraint>
</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted - order</web-resource-name>
<description>Declarative security tests</description>
<url-pattern>/order</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ORDER</role-name>
</auth-constraint>
</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted</web-resource-name>
<description>Declarative security tests</description>
<url-pattern>/ExchangeSet/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>VPN</role-name>
</auth-constraint>
<user-data-constraint>
<description>no description</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted - web services
</web-resource-name>
<description>Declarative security tests</description>
<url-pattern>/services</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>VPN</role-name>
</auth-constraint>
</security-constraint>

<security-constraint>
<web-resource-collection>
<web-resource-name>Restricted - click pages
</web-resource-name>
<description>Declarative security tests</description>
<url-pattern>/page/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>VPN</role-name>
</auth-constraint>
</security-constraint>

<login-config>
<!--
<auth-method>CLIENT-CERT</auth-method>
<auth-method>BASIC</auth-method> <realm-name>GDS</realm-name>
-->
<auth-method>FORM</auth-method>
<realm-name>GDS</realm-name>
<form-login-config>
<form-login-page>/vpn/session/login.jsp
</form-login-page>
<form-error-page>/vpn/session/loginerror.jsp
</form-error-page>
</form-login-config>
</login-config>

<security-role>
<description>A user allowed to invoke vpn methods</description>
<role-name>VPN</role-name>
</security-role>
<security-role>
<description>
A user allowed to invoke admin methods
</description>
<role-name>ADMIN</role-name>
</security-role>
<security-role>
<description>
A user allowed to invoke marketing methods
</description>
<role-name>MARKETING</role-name>
</security-role>
<security-role>
<description>
A user allowed to invoke download methods
</description>
<role-name>DOWNLOAD</role-name>
</security-role>
<security-role>
<description>
A user allowed to invoke download (unencrypted) methods
</description>
<role-name>UNENCRYPTED</role-name>
</security-role>
<security-role>
<description>
A user allowed to invoke renc admin methods
</description>
<role-name>RENC ADMIN</role-name>
</security-role>
<security-role>
<description>
A user allowed to download from prerelease
</description>
<role-name>PRERELEASE DOWNLOAD</role-name>
</security-role>
<security-role>
<description>
A user allowed to delete from prerelease
</description>
<role-name>PRERELEASE DELETE</role-name>
</security-role>
<security-role>
<description>
A user allowed to invoke upload methods
</description>
<role-name>UPLOAD</role-name>
</security-role>
<security-role>
<description>A user allowed to order permits</description>
<role-name>ORDER</role-name>
</security-role>
<security-role>
<description>A user allowed to invoke VRC</description>
<role-name>VRC</role-name>
</security-role>
<security-role>
<description>A user allowed to use Inspector</description>
<role-name>INSPECTOR</role-name>
</security-role>

<resource-ref>
<res-ref-name>jdbc/@@instance@@GdsDS</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
<injection-target>
<injection-target-class>no.ecc.gds.config.ApplicationContextFilter
</injection-target-class>
<injection-target-name>injectedDataSource
</injection-target-name>
</injection-target>
</resource-ref>

</web-app>


All documentation I have read about Jetty says that webdefault.xml will be invoked before the web application's web.xml.

I do not want to add Jetty-specific configurations in my web.xml, as the application might be run on other containers. I can add jetty stuff in my web-inf folder.

Best regards
Jone


On Aug 9, 2011, at 6:00 PM, Thomas Becker wrote:

Hi Jone,

the directory listing is provided by jetty's defaultServlet and the dirAllowed setting is the one you have to set to false. So that should normally do what you need. Could you please paste your webdefault.xml and also the web.xml of your application?

Cheers,
Thomas

On 09/08/2011 17:44, Jone Lura wrote:
Hi,

I have a web application and I want to disable the directory listing when the user enters a URL location without a welcome file.

I have tried to change dirAllowed to false in webdefault.xml, but this does not seem to have any effect.

I am using a mywebapp.xml in the context folder, and have tried to add various settings there, but this did not have any effect either.

Any ideas?

Best regards
Jone


_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users
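
A static check for the dirAllowed setting discussed in this thread, as an added example that is not part of the original messages or Jetty's own code: it reads descriptors in the order they are applied and reports the effective value for each DefaultServlet declaration. The precedence rules (a later descriptor overrides an earlier one, and the context parameter `org.eclipse.jetty.servlet.Default.dirAllowed` overrides both), the default of true when unset, and the lenient boolean parsing are assumptions of this example; the function names and sample descriptors are constructed.

```python
import xml.etree.ElementTree as ET

DEFAULT_SERVLET = "org.eclipse.jetty.servlet.DefaultServlet"
# Context-level override (assumed prefix + parameter name, see lead-in).
CONTEXT_KEY = "org.eclipse.jetty.servlet.Default.dirAllowed"

def _local(tag):  # strip the XML namespace so javaee-namespaced descriptors match
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    """Stripped text of the first child called name (tolerates mail-wrapped values)."""
    return next(((c.text or "").strip() for c in elem if _local(c.tag) == name), None)

def _params(elem, kind):
    """Collect {param-name: param-value} from <init-param>/<context-param> children."""
    return {_text(c, "param-name"): _text(c, "param-value")
            for c in elem if _local(c.tag) == kind}

def _truthy(value, default=True):
    # Assumption: unset means listings are on; values starting t/T/y/Y/1 count as true.
    return default if not value else value[0] in "tTyY1"

def effective_dir_allowed(descriptors):
    """descriptors: XML strings in application order (webdefault.xml, then web.xml).
    Returns {servlet-name: bool} for every DefaultServlet declaration found."""
    context_value, servlet_values = None, {}
    for xml_text in descriptors:
        root = ET.fromstring(xml_text)
        context_value = _params(root, "context-param").get(CONTEXT_KEY, context_value)
        for servlet in root:
            if _local(servlet.tag) != "servlet" or _text(servlet, "servlet-class") != DEFAULT_SERVLET:
                continue
            name = _text(servlet, "servlet-name")
            value = _params(servlet, "init-param").get("dirAllowed")
            if value is not None or name not in servlet_values:
                servlet_values[name] = value  # assumed: later descriptor wins
    if context_value is not None:  # assumed: context parameter overrides every servlet
        return {n: _truthy(context_value) for n in servlet_values}
    return {n: _truthy(v) for n, v in servlet_values.items()}

# Constructed sample descriptors, not the files posted in this thread.
WEBDEFAULT = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <servlet><servlet-name>default</servlet-name>
    <servlet-class>org.eclipse.jetty.servlet.DefaultServlet</servlet-class>
    <init-param><param-name>dirAllowed</param-name><param-value>false</param-value></init-param>
  </servlet></web-app>"""
WEBXML_REENABLES = """<web-app><servlet><servlet-name>default</servlet-name>
  <servlet-class>org.eclipse.jetty.servlet.DefaultServlet
  </servlet-class>
  <init-param><param-name>dirAllowed</param-name><param-value>true</param-value></init-param>
  </servlet></web-app>"""
WEBXML_CONTEXT_OFF = """<web-app><context-param>
  <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
  <param-value>false</param-value></context-param></web-app>"""
```

Pass the descriptors the deployed context actually loads, in order; an empty result means none of them declares the DefaultServlet at all, which usually points to a different defaults descriptor being in use.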