my dog learned polymorphism
The moose likes Servlets and the fly likes blocking access to images Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of OCA Java SE 8 Programmer I Study Guide this week in the OCAJP 8 forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "blocking access to images" Watch "blocking access to images" New topic

blocking access to images

Hemant Visal

Joined: Dec 19, 2003
Posts: 8
I have a application where users upload images to the server. I am using Tomcat 4.1.27. The folder structure is as below :
Images uploaded by user are temporarily stored under webapps/application/iamges/temp folder. After processing the image, its preview is displayed to the user and once he submits the page, the image is copied with a different name to the data folder.
When the image preview is displayed, it is displayed using line
<IMG src="/application/images/temp/tempimagename.jpg" >
Now my problem is, I don't want the user to access any file under temp or data folder. If the user types such a url in the browser, he shouldn't be allowed to view the file.
http://url ort/application/images/temp/tempimagename.jpg or
http://url ort/application/images/data/imagename.jpg
At the same time, I have a functionality for the admin, where he will be displayed with the image as
<IMG src="/application/images/data/imagename.jpg" >
Is it possible to restrict the user? How can I block any direct access to the file.
Please help me ASAP.
Thanks in advance
Peter Kristensson
Ranch Hand

Joined: Jul 02, 2001
Posts: 118
Please don't cross post both here and in the Tomcat forum.
It wastes space, time and resources.
john mattucci
Ranch Hand

Joined: Nov 03, 2000
Posts: 331
place them under the web-inf directory
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

You want images uploaded from users to be available to the admin, but not other users?
Placing them in the web-inf won't work, tha admin won't ba able to see them.
One option is to load them into a directory on the webroot that has some sort of protection (BASIC authentication is the easiest).
If you already have some security built-in you could also save the images off the webroot and serve them using a custom Servlet which checks user priveledges.This is similar to the first, but is a little cleaner if you already have security enabled.
Frank Carver

Joined: Jan 07, 1999
Posts: 6920
Just in case anyone reads the above two messages and gets confused, remember that in most situations the name of the directory/folder WEB-INF is case sensitive. Please always use "WEB-INF", which is guaranteed to work, rather than "web-inf" which will only work in some cases.

Read about me at ~ Raspberry Alpha Omega ~ Frank's Punchbarrel Blog
Hemant Visal

Joined: Dec 19, 2003
Posts: 8
As this was my first post, I was not aware of cross posting issues. Henceforth I will take necessary care.
Thanks a lot.
I agree. Here's the link:
subject: blocking access to images
It's not a secret anymore!