Prevent directory listing of /VAADIN/widgetsets directory

I have an exploded /VAADIN/widgetsets directory and I’d like to prevent directory listing of its contents.

I’m using Jetty, configured with dirAllowed=false which works OK out of the Vaadin context, but within it, I get a directory listing (see for

i am using vaadin 7.3 for the customer’s web site.
a few days ago the site was diagnosed web vulnerabilities.

as you mentioned, contents in /VAADIN/themes directory could be listed.

i’m wondering how to prevent directory listing of /VAADIN/themes directory.