Problem : Protect my image in JSF + ImageServlet

Susan Monz

Joined: Aug 23, 2008
Posts: 27
I used the below tag to access my image servlet.

<af:objectImage source="/imageServlet?id=#{myBean.tempID}"
rendered="false"/>

1. Thing is, anyone can easily get the param (id) I am sending from the properties of the image and access it from anywhere by simply typing that URL. This causes serious security issues.
Is there any way I can protect my data? Tomorrow I might even display critical documents.

2. In case no image is found despite the id being present in the database, I want to return an alternate image. Is there any way to do this?

I am sure this has been done before.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16540

About the only way you're going to be able to do this is by constructing a servlet that retrieves the image data and copies it out dependent on the security context and availability of data.

The default action for an image URL in a J2EE app is for the server to unconditionally copy the image file to the user. Or, if the image cannot be found at the specified resource location, to return a status code of 404 (Not Found).

Actually, if you use container-based authorization or write an appropriate filter, that would probably protect the image, but in your case, you'll need some active logic if you want to substitute something else. Either that or make the page display logic do the substitution in advance.

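
The servlet approach described in the reply above, as an added example that is not code from either poster: it authorizes each request against the logged-in user and falls back to an alternate image when no data exists. `ImageStore`, the `imageStore` context attribute, the placeholder path and the PNG content type are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ImageServlet extends HttpServlet {
    public interface ImageStore { // hypothetical data-access interface, not a servlet/JSF API
        boolean mayView(String userName, long imageId); // per-user access rule
        byte[] load(long imageId);                      // null when no image data exists
    }
    // Assumed path of the alternate image; files under WEB-INF cannot be requested directly.
    private static final String PLACEHOLDER = "/WEB-INF/images/placeholder.png";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Assumption: a context listener registered the ImageStore under this attribute name.
        ImageStore store = (ImageStore) getServletContext().getAttribute("imageStore");
        String user = req.getRemoteUser(); // null unless the container authenticated the caller
        if (user == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        long id;
        try {
            id = Long.parseLong(req.getParameter("id"));
        } catch (NumberFormatException e) { // also thrown when the parameter is missing
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // The id is visible in the page source, so authorize every request against the caller.
        if (!store.mayView(user, id)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        byte[] data = store.load(id);
        resp.setContentType("image/png"); // assumption: stored images and placeholder are PNG
        resp.setHeader("Cache-Control", "private, no-store");
        if (data != null) {
            resp.getOutputStream().write(data);
            return;
        }
        try (InputStream in = getServletContext().getResourceAsStream(PLACEHOLDER)) {
            if (in == null) resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            else in.transferTo(resp.getOutputStream()); // Java 9+
        }
    }
}
```

Map the servlet to `/imageServlet` in `web.xml` and place that URL pattern under a `security-constraint` so the container forces a login before `doGet` runs.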