This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
In My application I want to send attachements along with plain message(just like yahoo). But how do i protect folders(in appache-tomcat server) which will contain this attachements.what i mean user can type URL of this folder and see this attachements.One more problem folders also will be dynamic that is each time user is added to my application folders will also be added for each user(which will contain his attachements). please give some advice regarding this. :roll:
Have a main folder that contains the users folders and protect it and everything underneath using a security constraint that you specify in the deployment descriptor.
Joined: Jun 13, 2003
thank Calina Cazangiu But where to find deployment descriptor how to specify security constarint. if security constraint is specified how users can read their individual attachement Basically i want to hide url of folder in all my jsps so that user does not type directly type url in address bar see other users attachements
A common way to do this is to place the files away from the web root. Then users request the file from a Servlet, the Servlet decides if the user is allowed to see the file. If they are, it loads the file from the directory structuure and streams it to the client. This also supports dynamic folders. The servlet maps to (for example) "/download/*", then files that are requested via /download/Dave/myFile gets routed through the servlet. If I'm not logged in as Dave, the servlet doesn't allow the operation. Is this more or less what you were looking for? Dave