This week's book giveaway is in the Performance forum.
We're giving away four copies of The Java Performance Companion and have Charlie Hunt, Monica Beckwith, Poonam Parhar, & Bengt Rutisson on-line!
See this thread for details.
Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Problem : Protect my image in JSF + ImageServlet

 
Susan Monz
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I used the below tag to access my image servlet.

<af: objectImage source = "/imageServlet?id=#{myBean.tempID}"
rendered = "false"

1. Thing is anyone can easily get the param (id) i am sending from properties of the image and access it from anywhere by simply typing that url. This causes serious security issues.
Is there anyway I can protect my data. Since tomorrow i might even display critical documents.

2. In case of no image found despite id being present in database, i want to return back an alternate image. Is there any way to do this....

I am sure this has been done before.
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18212
53
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
About the only way you're going to be able to do this is by constructing a servlet that retrieves the image data and copies it out dependent on the security context and availability of data.

The default action for an image URL in a J2EE app is for the server to unconditionally copy the image file to the user. Or, if the image cannot be found at the specified resource location, to return a status code of 404 (Not Found).

Actually, if you use container-based authorization or write an appropriate filter, that would probably protect the image, but in your case, you'll need some active logic if you want to substitute something else. Either that or make the page display logic so the substitution in advance.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic