我使用embedded jetty 8.1.16来部署我的应用程序。该应用程序有一个目录来存储静态内容(javascript和css文件)。应用程序已通过身份验证,但静态内容可以通过其URL进行访问而无需身份验证。我按如下方式设置基于表单的身份验证
ServletContextHandler handler = (ServletContextHandler)context;
handler.addServlet(new ServletHolder(new DefaultServlet() { /* login page*/}), "/login");
Constraint constraint = new Constraint();
constraint.setName(Constraint.__FORM_AUTH);
constraint.setRoles(new String[]{"user"});
constraint.setAuthenticate(true);
ConstraintMapping constraintMapping = new ConstraintMapping();
constraintMapping.setConstraint(constraint);
constraintMapping.setPathSpec("/test-app");
ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
securityHandler.addConstraintMapping(constraintMapping);
HashLoginService loginService = new HashLoginService();
loginService.setConfig("/realm.properties");
FormAuthenticator authenticator = new FormAuthenticator("/login", "/login", false);
securityHandler.setAuthenticator(authenticator);
handler.setSecurityHandler(securityHandler);
静态内容的url为localhost:8080 / test-app / js / app.js和localhost:8080 / test-app / js / app.css 如何验证这些静态内容以防止从URL直接访问?感谢