• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

File Protection

 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have a directory of files (Word and Excel) that I only want accessible to users who are logged in with a valid session in my jsp pages. I can protect the page which links to the files, but I want to be able to project the files themselves from the possibility of people entering the URL directly in the web browser to access them. Any ideas on how to do this?
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You could store the files outside the directories that web server is allowed to serve from URLs and provide access (download?) only indirectly through a servlet.
 
Ranch Hand
Posts: 1873
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi clem,
or u can put index.html in the directory which u want to protect from being directly seen from the browser.
generally the webservers have indexing configuration that says "display index.html (or home.html or main.html etc dependent upon the webserver) if the directory is being accessed from the browser"
so whenever u try to go to the directory it will show u the index.html instead the content and then we can't see what is in there.
catch here is "what if user somehow knows the direct path to the file and type in that?". in that case i'd go with what William suggested.
also, in some webservers we can configure it to "not show particular files with some extensions". in iPlanet 4.1 ES we can do that. i dont know about anyother servers. i guess that would also serve the purpose of hiding the stuff.
regards
maulin
 
Clem White
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the replies. I need a solution that offers protection in cases where users may know the full path to the file.
William, I've tried something similar to your solution but I don't know how to enable users to download a file through a servlet. I've tried setting up a sym link and then serving the file as an include in a blank JSP page, but this corrupts Word and Excel files (probably because the header information is now wrong). Can you suggest a better way to enable download of a file outside the web root via a JSP or servlet?
 
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have to protect content that is not HTML as well. I was planning on a Servlet Filter. Have you looked into that option?
 
Clem White
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Paul - I've never used Servlet Filters before but I looked up some info about them (URLs below) and it looks like they might well do what I need. I'll post here once I've had a chance to try this to let you know how I got on.
http://www.onjava.com/pub/a/onjava/2001/05/10/servlet_filters.html
http://javaboutique.internet.com/tutorials/Servlet_Filters/filter-mapping.html
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic