Hello, I have an application where users upload images to the server. I am using Tomcat 4.1.27. The folder structure is as below:

webapp
|__application
   |__images
      |___data
      |___temp

Images uploaded by the user are temporarily stored under the webapps/application/images/temp folder. After processing the image, its preview is displayed to the user and once he submits the page, the image is copied with a different name to the data folder. When the image preview is displayed, it is displayed using the line

<IMG src="/application/images/temp/tempimagename.jpg" >

Now my problem is, I don't want the user to access any file under the temp or data folder. If the user types such a URL in the browser, he shouldn't be allowed to view the file:

http://url:port/application/images/temp/tempimagename.jpg
or
http://url:port/application/images/data/imagename.jpg

At the same time, I have a functionality for the admin, where he will be displayed with the image as

<IMG src="/application/images/data/imagename.jpg" >

Is it possible to restrict the user? How can I block any direct access to the file? Please help me ASAP.

Thanks in advance,
Hemant.
Peter Kristensson
Ranch Hand
Joined: Jul 02, 2001
Posts: 118
Please don't cross post both here and in the Tomcat forum. It wastes space, time and resources. /Peter
You want images uploaded from users to be available to the admin, but not other users? Placing them in the web-inf won't work, the admin won't be able to see them. One option is to load them into a directory on the webroot that has some sort of protection (BASIC authentication is the easiest). If you already have some security built-in you could also save the images off the webroot and serve them using a custom Servlet which checks user privileges. This is similar to the first, but is a little cleaner if you already have security enabled.

Dave
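The custom-servlet option from the reply above, as an added example that is not part of the original thread. It assumes the images live in a directory outside the webroot named by a hypothetical init-param "imageRoot", that the container authenticates users so isUserInRole works with an assumed role "admin", and that the upload code stores the preview file name in an assumed session attribute "tempImage".

```java
import java.io.*;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Added example: serves images kept OUTSIDE the webroot, after an access check.
// Assumed names: init-param "imageRoot", role "admin", session attribute "tempImage".
public class ProtectedImageServlet extends HttpServlet {
    private File root;

    public void init() throws ServletException {
        String dir = getInitParameter("imageRoot");
        if (dir == null) throw new ServletException("imageRoot init-param missing");
        try { root = new File(dir).getCanonicalFile(); }
        catch (IOException e) { throw new ServletException("bad imageRoot", e); }
    }

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String path = req.getPathInfo();            // "/data/x.jpg" or "/temp/y.jpg"
        if (path == null) { resp.sendError(HttpServletResponse.SC_NOT_FOUND); return; }
        // Canonicalize, then require a file directly inside root/data or root/temp,
        // so "../" sequences cannot reach anything else on disk.
        File file = new File(root, path).getCanonicalFile();
        File dir = file.getParentFile();
        if (dir == null || !root.equals(dir.getParentFile())) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND); return;
        }
        boolean allowed = false;
        if ("data".equals(dir.getName())) {
            allowed = req.isUserInRole("admin");     // stored images: admin only
        } else if ("temp".equals(dir.getName())) {
            // previews: only the file this user's own upload recorded in the session
            HttpSession s = req.getSession(false);
            allowed = s != null && file.getName().equals(s.getAttribute("tempImage"));
        }
        if (!allowed) { resp.sendError(HttpServletResponse.SC_FORBIDDEN); return; }
        if (!file.isFile()) { resp.sendError(HttpServletResponse.SC_NOT_FOUND); return; }

        String type = getServletContext().getMimeType(file.getName());
        resp.setContentType(type != null ? type : "application/octet-stream");
        resp.setContentLength((int) file.length());
        InputStream in = new FileInputStream(file);
        try {
            OutputStream out = resp.getOutputStream();
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
        } finally {
            in.close();
        }
    }
}
```

Mapped in web.xml to a URL pattern such as /img/* (an assumed mapping), the IMG tags would point at /application/img/temp/... and /application/img/data/... instead of the static folders.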
Frank Carver
Sheriff
Joined: Jan 07, 1999
Posts: 6913
Just in case anyone reads the above two messages and gets confused, remember that in most situations the name of the directory/folder WEB-INF is case sensitive. Please always use "WEB-INF", which is guaranteed to work, rather than "web-inf" which will only work in some cases. Thanks.