File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Tomcat and the fly likes Give access to files only if the request comes from localhost Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Give access to files only if the request comes from localhost" Watch "Give access to files only if the request comes from localhost" New topic
Author

Give access to files only if the request comes from localhost

Andrei Antonescu
Ranch Hand

Joined: Jul 08, 2010
Posts: 75
Hello all,

I have a picture x.jpg on a Tomcat webserver. I want to show the picture in my webapp. Let's say that the picture url is: http://www.x.com/pic.jpg. I want to be able
to show the picture in my webapp, but If I enter http://www.x.com/pic.jpg in the url of my browser, then the picture must not be visible.

So tomcat must allow the requests for http://www.x.com/pic.jpg to come only from localhost (from my webapp).

Is that even possible?

Thanks in advance
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42371
    
  64
The Remote Address Filter and/or the Remote Host Filter should be able to do this, assuming that you want to restrict access to ALL of Tomcat: http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote_Address_Filter

If it's just certain images, then you can serve those through a servlet that checks the remote address/host.


Ping & DNS - my free Android networking tools app
leo donahue
Ranch Hand

Joined: Apr 17, 2003
Posts: 327
The remote address filter valve can be located in a Context and that context can be in /META-INF/context.xml. this would restrict access to a specific webapp.


Thanks, leo
Andrei Antonescu
Ranch Hand

Joined: Jul 08, 2010
Posts: 75
Thanks guys.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Give access to files only if the request comes from localhost