Meaningless Drivel is fun!
The moose likes Servlets and the fly likes sending protected files from servlets Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "sending protected files from servlets" Watch "sending protected files from servlets" New topic

sending protected files from servlets

lavanya chukkala

Joined: Nov 12, 2001
Posts: 3
My ligin.html file sends the username and password to a servlet to validate. the servlet must return a .html file if the uername and password is correct.
The user must be able to accesss the .html file only if he has logged in. I am not able to accomplish this part, because when my servlet is returning the .html file the entire URL of the file is displayed in the browsers location bar.
Therefore, the URL can be copied and pasted in another browser and the .html file will be displayed.
Could you tell me how to solve this problem?
thanks in advance
Tony Alicea

Joined: Jan 30, 2000
Posts: 3226
Hans Bergsten, in his book JavaServer Pages (O'Reilly) suggests a way of protecting HTML static resources or JSPs from being viewed the way you say.
You'd have to code something like this in the web.xml file:
DON'T assign any user to the "nobody" role. Then use a RequestDispatcher to get to the page. Since dispatching a Request is an internal affair, the constraint doesn't have any effect, but no one will be able to "cut and paste" a URL to get to the page.

Tony Alicea
Senior Java Web Application Developer, SCPJ2, SCWCD
Robert Gagliardo

Joined: Nov 15, 2001
Posts: 24
The above will work.
Or apon success, have the login servlet read the html file and print it back to the user.
I agree. Here's the link:
subject: sending protected files from servlets
It's not a secret anymore!