Win a copy of Learn Spring Security (video course) this week in the Spring forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Accessing images under WEB-INF

 
Bunty Paul
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I need to store certain sensitive images under WEB-INF folder so that i will prevent users from accessing the images directory from the URL.

But in JSP i have to show the image like

<img src="/app/WEB-INF/images/my-image.gif" >

but still i can not view this image. How can i achieve this?


Note: these images are dynamically generated during file upload which is done previously
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Resources that are stored under WEB-INF are not publically visible.
You cannot use GET command to fetch those resources.
 
Bunty Paul
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
But is there any way i can achieve this...

1) I have to restrict users from directly accessing images folder

2) I should be able to display this image through my JSP
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Bunty Paul:
But is there any way i can achieve this...

1) I have to restrict users from directly accessing images folder

2) I should be able to display this image through my JSP


Your jsp's can access the resources under WEB-INF directly , but when you generate the img html tag using the jsp then its not fetching the image.The image fetching is done by the browser/ client when the jsp gets rendered.So the browser is trying to fetch the image ,which is stored within the WEB-INF.
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Instead of letting the web server (or servlet container) serve the images directly, you can create a servlet that streams the images to the client. So instead of "img src="xyz.jpg" you'd have a URL like "img src="ImageServlet?src=xyz.jpg". Then you can keep the images in the WEB-INF folder (or in any other directory that's not publicly accessible), because the servlet can read the images from there, but not the browser.
[ December 11, 2006: Message edited by: Ulf Dittmer ]
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have an example app on my site that does just this.
http://simple.souther.us

Look for SimpleStream.
 
Bunty Paul
Greenhorn
Posts: 28
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks all, thats the way i wanted.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic