The scenario: There is a list of files that logged in users are able to download. The files themselves are not kept within the web root, as we need to be able to ensure that a user has rights to download the file. To do this I have created a JSP page which (a) checks that the user is logged and has appropriate permissions, (b) sets the content type to something the browser does not understand (to ensure the file, which is basically just text is downloaded instead of just displayed in the browser) and (c) gets and includes the content of the file using java.io.File. The problem: ... with this approach is that it uses a link which looks something like <a href=getfile.jsp?filename=thefile.snd >thefile.snd</a>. This means that the file name in the save dialogue always defaults to 'getfile.jsp', when it needs to default to 'thefile.snd'. Any ideas? I've considered using an signed applet to do the download and rename the file but would like to avoid this if possible (although if anyone has the source for such an applet that would also be helpful).