File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes How to prevent from directly loading javascript file from browser URL? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "How to prevent from directly loading javascript file from browser URL?" Watch "How to prevent from directly loading javascript file from browser URL?" New topic
Author

How to prevent from directly loading javascript file from browser URL?

Jack Tian
Greenhorn

Joined: Sep 14, 2009
Posts: 5
Because existing application did not have JAAS set up and it uses comtomized authantication and authorization.
I give up to use role-name and URL mapping to configure the permission in web.xml file.
Instead I try to set up one filter or servlet to authanticate the URL for javascript file loading.
If user account is in the http session, then javascript file can be loaded. Otherwise, send the error.
in web.xml, I add
<servlet-mapping>
<servlet-name>AccessCheckServlet</servlet-name>
<url-pattern>/scripts/*</url-pattern>
</servlet-mapping>

in the servlet doGet method, I wrote:
HttpSession session = request.getSession();
User user = (User) session.getAttribute(USER_KEY);
if(user == null){response.setStatus(400);}
else{
super.doGet(request, response); // problem code, I tried some other way}

no matter how I try, the javascript can not load to browser properly after login
if the jsp file head has javascript included.

Can someone help me out how to use servlet to load javascript file?
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

A JavaScript file can be streamed to a client just like any other file.
Jack Tian
Greenhorn

Joined: Sep 14, 2009
Posts: 5
Where can I find the source code for streaming the js file?
Is there a way, servlet only checks the authentication, leave the loading file to web server?
Cause originally, web server does the js file loading.
Rajkishore Pujari
Ranch Hand

Joined: Sep 03, 2005
Posts: 46
try doing authentication in the filter instead.
Jack Tian
Greenhorn

Joined: Sep 14, 2009
Posts: 5
Filter works. I made a mistake and thought filter has to combine with a servlet.
Thanks.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to prevent from directly loading javascript file from browser URL?