JBoss directory browsing is enabled by default

  • 3730332
  • 11-Sep-2006
  • 16-Mar-2012

Environment

Novell Identity Manager Identity Manager 3.0
Novell Identity Manager Identity Manager 3.0.1
Novell exteNd JBoss Application Server 4.0.2

Situation

By default, JBoss allows directory browsing. Therefore, if you type the URL http://server:8080/IDMProv/resources/, the list of resources under this URL is displayed.

Resolution

If you do not want directory browsing to be enabled, go to jboss-4.0.2\server\IDM-Application Context\deploy\jbossweb-tomcat55.sar\conf, and edit the listings entry in the web.xml file:

<
servlet>defaultorg.apache.catalina.servlets.DefaultServletdebug0listingstrue1

To suppress the display of resources, change the listings value from true to false.