wood burning stoves 2.0*
The moose likes JSP and the fly likes going nuts trying to reference images on server Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "going nuts trying to reference images on server" Watch "going nuts trying to reference images on server" New topic
Author

going nuts trying to reference images on server

Brian Milthorp
Greenhorn

Joined: Dec 20, 2009
Posts: 9
First, sorry about asking a basic question that has probably been answered a million times somewhere. The trouble is, I don't know where that somewhere is and in spite of 2 hours+ of web searching I have not found it. This is now driving me nuts.

I am a web page/JSP absolute beginner. I have a lot of experience with Java programming. I am using Netbeans and Java EE to try to make a web page that displays photos.

I have got as far as making a page display text and an image that I copied into my WEB-INF directory.
What I want to do is display a matrix of jpeg images. The images are located on my PC BUT NOT IN THE SAME DIRECTORY AS MY WEB PAGE STUFF.

I DO NOT WANT to copy all my images into my WEB-INF directory or anywhere else. This seems to be the stock answer to others with my query.

---> How do I write a <img ... > command whose src references a jpeg in my PC's filesystem?
OR
---> What JSP code do I need inside <img <%.../%> > that reads the file and expresses it in a way that it understands?

I am quite prepared to be told that my mental model is completely wrong. But please help me understand why.
Thanks.


Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61095
    
  66

Brian Milthorp wrote:---> How do I write a <img ... > command whose src references a jpeg in my PC's filesystem?

You don't.

Imagine the security nightmare if any old web page could reference files anywhere on your file system!

If you want to serve the images, they must be placed in the web application. But not inside WEB-INF. Any resources placed inside WEB-INF are not servable by definition.

I am quite prepared to be told that my mental model is completely wrong. But please help me understand why.

See above. You do not want your entire file system exposed to the Internet. Clearly.

The one other possibility is to write a servlet that can stream the images that it reads from the file system. But that's big guns. Do you have a justifiable beef with simply moving or copying the images to where they belong?


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61095
    
  66

P.S. Any construct in a JSP that still uses the <% %> notation is over 9 years out of date. If you are a newbie to JSP, be sure to use modern techniques off the bat. That means JSTL and EL and not discredited scriptlets.
Brian Milthorp
Greenhorn

Joined: Dec 20, 2009
Posts: 9
Thanks for your swift reply!
Bear Bibeault wrote:
Brian Milthorp wrote:---> How do I write a <img ... > command whose src references a jpeg in my PC's filesystem?

You don't.

Imagine the security nightmare if any old web page could reference files anywhere on your file system!

Well. This isn't any old web page. It is my web page. No one else uses my computer.
Besides, what is the security problem with what I want to do? My server serves a page that I define the content of, right? So how could a client browser have access to my PC's file system? How would that happen?


If you want to serve the images, they must be placed in the web application. But not inside WEB-INF. Any resources placed inside WEB-INF are not servable by definition.

I thought WEB-INF was the correct place because I put a test image there and it appears on my client browser just fine. Where should images be placed?


The one other possibility is to write a servlet that can stream the images that it reads from the file system. But that's big guns. Do you have a justifiable beef with simply moving or copying the images to where they belong?

As far as I am concerned, my photos belong where they are. I see no value in duplicating them all and I see problems: like disk space usage and keeping two sets of photos synchronized. Sure, these can be solved but why should I waste the disk space and create cron jobs with rsync or whatever?
Brian Milthorp
Greenhorn

Joined: Dec 20, 2009
Posts: 9
Bear Bibeault wrote:P.S. Any construct in a JSP that still uses the <% %> notation is over 9 years out of date. If you are a newbie to JSP, be sure to use modern techniques off the bat. That means JSTL and EL and not discredited scriptlets.

This is a great tip, thanks. I'll Google JSTL and EL.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61095
    
  66

Brian Milthorp wrote:Besides, what is the security problem with what I want to do? My server serves a page that I define the content of, right? So how could a client browser have access to my PC's file system?

The client browser issues the request for the image. If it could access any file anywhere on your file system, you don't see a security problem with this? What's to prevent me from hitting your server with requests for other files on your system?

For security purposes, servlet containers can only serve files within the web application context.

I thought WEB-INF was the correct place because I put a test image there and it appears on my client browser just fine

Nope. Not unless your servlet container is broken. They should be placed within the hierarchy of the web app context anywhere but under WEB-INF.

As far as I am concerned, my photos belong where they are. I see no value in duplicating them all and I see problems: like disk space usage and keeping two sets of photos synchronized. Sure, these can be solved but why should I waste the disk space and create cron jobs with rsync or whatever?

You can feel this way all you want, but it's not going to change how things work.

If you want to serve the files from outside the web app context, you'll need to write a servlet that reads a file and streams it as the response. The browser (via the <img> tag) will not be able to directly address the image file.
Brian Milthorp
Greenhorn

Joined: Dec 20, 2009
Posts: 9
Bear Bibeault wrote:The client browser issues the request for the image. If it could access any file anywhere on your file system, you don't see a security problem with this? What's to prevent me from hitting your server with requests for other files on your system?

You find this obvious. I am new to this and it is not obvious to me at all. Are you saying that the web server has a sort of file system address space (is this what you mean by "web application context"?) that is accessible from any client and that a client could write its own html page, as it were, to request any file from within that space?
In other words, the server does not control what specific files within the server's file address space that a client could access if it wanted to?
If so, isn't this rather shoddy?

Nope. Not unless your servlet container is broken. They should be placed within the hierarchy of the web app context anywhere but under WEB-INF.

Netbeans IDE/GlassFish must be broken, then.


If you want to serve the files from outside the web app context, you'll need to write a servlet that reads a file and streams it as the response. The browser (via the <img> tag) will not be able to directly address the image file.

Could you just give me a few pointers to how a servlet would do this? I know, for example, how to write java code to read a file using ImageIO.
What I want is a web page with a matrix of images on it. Those images "loaded" from my PC's filesystem by java code or otherwise.

To display a matrix do I have to inject them into cells of a table, using the html table tags?
What is the form of the data that goes into the table cells?

Or is there a direct way to squirt a matrix to the client using "response" or something?

I noticed that it is possible to "push" an image to the client using 'response.getOutputStream().write(byte[] a);' and I tried this and it works but it obliterates any prior output on the client. I want the client to see some text and stuff and then a matrix of images. Does this mean that this response command somehow causes the client to "reload" the page with the "write" data rather than causing the client to add the data to the existing page?
Unfortunately, I really don't think I understand the protocol between client and server very well.

Thanks.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61095
    
  66

Brian Milthorp wrote:In other words, the server does not control what specific files within the server's file address space that a client could access if it wanted to?
If so, isn't this rather shoddy?

Hardly. The access is well defined. You create a folder on the file system that serves as the root of the web application. This, and the folders under it, are the web application context. The server is limited to serving only files within this context. This protects the remainder of your file system from casual access. Additionally, any resources that should not be directly servable, but that need to be part of your web app, are placed under the WEB-INF folder where they are protected. How is this "shoddy"?

You can also place additional security constraints via the deployment descriptor. But the default behavior is usually quite sufficient.

Netbeans IDE/GlassFish must be broken, then.

More likely you haven't got things configured quite right.

Could you just give me a few pointers to how a servlet would do this? I know, for example, how to write java code to read a file using ImageIO.
What I want is a web page with a matrix of images on it. Those images "loaded" from my PC's filesystem by java code or otherwise.

There are ample examples throughout this and the Servlets forum. This is a subject that has been addressed many times before.

To display a matrix do I have to inject them into cells of a table, using the html table tags?
What is the form of the data that goes into the table cells?

Remember that JSP is just a templating language to create HTML to send to the browser. So figure out how to make things work with HTML before even thinking about JSP.

Or is there a direct way to squirt a matrix to the client using "response" or something?

No. The browser understands HTML, so you must do it with HTMl just like any other web page.

I noticed that it is possible to "push" an image to the client using 'response.getOutputStream().write(byte[] a);' and I tried this and it works but it obliterates any prior output on the client.

Wrong thinking. The HTMl contains <img> tags that request the image data. You can't just mix image data in with the HTML and expect anything good to happen.

I want the client to see some text and stuff and then a matrix of images. Does this mean that this response command somehow causes the client to "reload" the page with the "write" data rather than causing the client to add the data to the existing page?

Again, all this needs to happen with good old HTML.

Unfortunately, I really don't think I understand the protocol between client and server very well.

Look up how HTML and HTTP work. All this Java stuff is just happening on the server and must interact with the way that HTML and HTTP interact.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61095
    
  66

P.S. A lesser-used alternative to the streaming servlet could be to define a secondary web application rooted at the folder location of the images. This could even be served using the Apache Web Server as it would not need any server-side Java components.
Brian Milthorp
Greenhorn

Joined: Dec 20, 2009
Posts: 9
Bear Bibeault wrote:Hardly. The access is well defined. You create a folder on the file system that serves as the root of the web application. This, and the folders under it, are the web application context. The server is limited to serving only files within this context. This protects the remainder of your file system from casual access. Additionally, any resources that should not be directly servable, but that need to be part of your web app, are placed under the WEB-INF folder where they are protected. How is this "shoddy"?

Ok. Well I am not really looking for an argument right now. If a client can access the server's "context" without the server explicitly giving it access, which is what I am inferring from what you said, then yes I do consider this shoddy. Absolutely. But let's park this because it isn't helping me.

More likely you haven't got things configured quite right.

Ditto.

There are ample examples throughout this and the Servlets forum. This is a subject that has been addressed many times before.

link?

Look up how HTML and HTTP work. All this Java stuff is just happening on the server and must interact with the way that HTML and HTTP interact.

Ok.

Well, taking on board your comments I have decided, for the time being, to have java code temporarily copy the images (or reduced size icons thereof) I wish to display from where I think they are meant to be (no arguments please) to my web "context" and then insert their names into <img > tags using (for the benefit of other newbies) something like this:
<img alt=<% out.println("\"" + filename + "\"")%> src=<%out.println("\"" + webAppPath + filename + "\"");%>

I haven't figured out how to get the absolute path of the web context programmatically (which is needed to do the copy) yet but this is not strictly necessary.
Thanks.
Brian Milthorp
Greenhorn

Joined: Dec 20, 2009
Posts: 9
Where to store image files in Java web app
FYI someone having a problem with images stored in the web app directory.
Brian Milthorp
Greenhorn

Joined: Dec 20, 2009
Posts: 9
I found an improvement.
Rather than coyping the image file from where it lives on my PC's filesystem to the web application "context" directory, I can create a symbolic link to it. The GlassFish server I am using needs to be explicitly told to allow symbolic linking (see: glassFish).

I would be interested in knowing what security issues, if any, the use of symbolic links to each file creates.
I'm using Ubuntu.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61095
    
  66

Brian Milthorp wrote:If a client can access the server's "context" without the server explicitly giving it access, which is what I am inferring from what you said, then yes I do consider this shoddy.

This makes no sense. The whole purpose of the context is to give access. If you don't want to give access to a file, don't put it in the context

link?

Here's the search page.

something like this:
<img alt=<% out.println("\"" + filename + "\"")%> src=<%out.println("\"" + webAppPath + filename + "\"");%>


More like:

Anytime you find yourself typing <% in a JSP, stop, erase it, and learn how to do it properly using the JSTL and EL.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: going nuts trying to reference images on server