File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes blocking access to images Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "blocking access to images" Watch "blocking access to images" New topic

blocking access to images

Hemant Visal

Joined: Dec 19, 2003
Posts: 8
I have a application where users upload images to the server. I am using Tomcat 4.1.27. The folder structure is as below :
Images uploaded by user are temporarily stored under webapps/application/iamges/temp folder. After processing the image, its preview is displayed to the user and once he submits the page, the image is copied with a different name to the data folder.
When the image preview is displayed, it is displayed using line
<IMG src="/application/images/temp/tempimagename.jpg" >
Now my problem is, I don't want the user to access any file under temp or data folder. If the user types such a url in the browser, he shouldn't be allowed to view the file.
http://url ort/application/images/temp/tempimagename.jpg or
http://url ort/application/images/data/imagename.jpg
At the same time, I have a functionality for the admin, where he will be displayed with the image as
<IMG src="/application/images/data/imagename.jpg" >
Is it possible to restrict the user? How can I block any direct access to the file.
Please help me ASAP.
Thanks in advance
Peter Kristensson
Ranch Hand

Joined: Jul 02, 2001
Posts: 118
Please don't cross post both here and in the Tomcat forum.
It wastes space, time and resources.
john mattucci
Ranch Hand

Joined: Nov 03, 2000
Posts: 331
place them under the web-inf directory
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

You want images uploaded from users to be available to the admin, but not other users?
Placing them in the web-inf won't work, tha admin won't ba able to see them.
One option is to load them into a directory on the webroot that has some sort of protection (BASIC authentication is the easiest).
If you already have some security built-in you could also save the images off the webroot and serve them using a custom Servlet which checks user priveledges.This is similar to the first, but is a little cleaner if you already have security enabled.
Frank Carver

Joined: Jan 07, 1999
Posts: 6920
Just in case anyone reads the above two messages and gets confused, remember that in most situations the name of the directory/folder WEB-INF is case sensitive. Please always use "WEB-INF", which is guaranteed to work, rather than "web-inf" which will only work in some cases.

Read about me at ~ Raspberry Alpha Omega ~ Frank's Punchbarrel Blog
Hemant Visal

Joined: Dec 19, 2003
Posts: 8
As this was my first post, I was not aware of cross posting issues. Henceforth I will take necessary care.
Thanks a lot.
I agree. Here's the link:
subject: blocking access to images
It's not a secret anymore!