aspose file tools*
The moose likes Servlets and the fly likes sending protected files from servlets Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "sending protected files from servlets" Watch "sending protected files from servlets" New topic
Author

sending protected files from servlets

lavanya chukkala
Greenhorn

Joined: Nov 12, 2001
Posts: 3
Hi,
My ligin.html file sends the username and password to a servlet to validate. the servlet must return a .html file if the uername and password is correct.
The user must be able to accesss the .html file only if he has logged in. I am not able to accomplish this part, because when my servlet is returning the .html file the entire URL of the file is displayed in the browsers location bar.
Therefore, the URL can be copied and pasted in another browser and the .html file will be displayed.
Could you tell me how to solve this problem?
thanks in advance
Tony Alicea
Desperado
Sheriff

Joined: Jan 30, 2000
Posts: 3222
    
    5
Hans Bergsten, in his book JavaServer Pages (O'Reilly) http://www.amazon.com/exec/obidos/ASIN/156592746x/electricporkchop suggests a way of protecting HTML static resources or JSPs from being viewed the way you say.
You'd have to code something like this in the web.xml file:
<security-constraint>
<web-resource-collection>
<url-pattern>yourSecretPage.html</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>nobody</role-name>
</auth-constraint>
</security-constraint>
DON'T assign any user to the "nobody" role. Then use a RequestDispatcher to get to the page. Since dispatching a Request is an internal affair, the constraint doesn't have any effect, but no one will be able to "cut and paste" a URL to get to the page.


Tony Alicea
Senior Java Web Application Developer, SCPJ2, SCWCD
Robert Gagliardo
Greenhorn

Joined: Nov 15, 2001
Posts: 24
The above will work.
Or apon success, have the login servlet read the html file and print it back to the user.
 
wood burning stoves
 
subject: sending protected files from servlets