aspose file tools*
The moose likes Servlets and the fly likes Permission control: File Upload and Download - Want to improve performance Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Reply locked New topic
Author

Permission control: File Upload and Download - Want to improve performance

Joe Serel
Greenhorn

Joined: Apr 01, 2005
Posts: 6
Greetings,

I have a web app (running in Tomcat) which allows user to login and upload files. The uploaded files are saved to /WEB-INF/resources/user_name/filename

The uploaded files should only be available to the uploader. So, when the user login and try to download the files they uploaded, I use a URL pattern /data/user_name/filename
and map this pattern to a servlet. When the servlet sees this request and the same user is currently logged in the same session, the web app read file from /WEB-INF/resources/user_name/filename and write it to response stream.

This works fine. But my problem is, I think in my Servlet, reading the file and writing to the response stream is a bit overkill. Since the file is already there, can I just serve it as a static content? Can I do something like "forwarding" after checking the permission of the user in the servlet, and let Tomcat handles it (serves it as a static file)? I have to keep the servlet though because i need to do permission control there - only the uploader can access the uploaded file.

Moreover, I also want to see if it is possible to use Apache+Tomcat configuration and let Apache serve these uploaded files. Again, I am not sure how to do the permission control if I take this route.

My user login information is stored in a DB table.

I posted the later part of my question (Apache+Tomcat) here:
http://www.coderanch.com/t/85506/Tomcat/Access-control-Tomcat-Apache
and got some good information.

Any help will be appreciated.

Thanks,

Joe

[ October 29, 2005: Message edited by: Joe Serel ]
[ October 29, 2005: Message edited by: Joe Serel ]
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61766
    
  67

Can I do something like "forwarding" after checking the permission of the user in the servlet, and let Tomcat handles it (serves it as a static file)?


Yes, you can do this. But Tomcat will do pretty much the same thing you are, so if you're looking for a marked performance gain, you probably won't see much difference (unless your own write code is grossly inefficient). Probably worth a try.

I also want to see if it is possible to use Apache+Tomcat configuration and let Apache serve these uploaded files.


I would not recommend this approach. Enforcing persmission will be much more difficult and it's a bit of a configuration hassle. Tomcat's serving of static files is on a par with Apache's.
[ October 29, 2005: Message edited by: Bear Bibeault ]

[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Joe Serel
Greenhorn

Joined: Apr 01, 2005
Posts: 6
{
Yes, you can do this. But Tomcat will do pretty much the same thing you are, so if you're looking for a marked performance gain, you probably won't see much difference (unless your own write code is grossly inefficient). Probably worth a try.
}

Wow, thanks for the reply - just joined this forum and found it's incredibly responsive.

Bear, can you tell me how to do this? At least I can remove my own written code since I always think DRY is good.

You made the same point as Scott did saying that Tomcat static file serving is on par with Apache, I'll have to believe you guys :-) Even a lot of docs on the net suggests Apache has performance gain - but I think those are prob. obsolete - like Scott said his experience with new Tomcat server is pretty good.

Thanks.

Joe

[ October 29, 2005: Message edited by: Joe Serel ]
[ October 29, 2005: Message edited by: Joe Serel ]
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61766
    
  67

Joe, in the future, please do not cross-post the same question in multiple forums. It wastes time when multiple redundant conversations take place and is against forum policy.

You would forward to the resource the same as any other, using the Request Dispatcher forwarding mechanism.

And yes, while Apache may have had the static-serving edge at some point, recent versions of Tomcat have closed the gap.
Joe Serel
Greenhorn

Joined: Apr 01, 2005
Posts: 6
Thank you Bear. Sorry about the multi post.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Permission control: File Upload and Download - Want to improve performance