Hello, I have a application where users upload images to the server. I am using Tomcat 4.1.27. The folder structure is as below : webapp |__application |__images |___data |___temp Images uploaded by user are temporarily stored under webapps/application/images/temp folder. After processing the image, its preview is displayed to the user and once he submits the page, the image is copied with a different name to the data folder. When the image preview is displayed, it is displayed using line <IMG src="/application/images/temp/tempimagename.jpg" > Now my problem is, I don't want the user to access any file under temp or data folder. If the user types such a url in the browser, he shouldn't be allowed to view the file. http://url ort/application/images/temp/tempimagename.jpg or http://url ort/application/images/data/imagename.jpg At the same time, I have a functionality for the admin, where he will be displayed with the image as <IMG src="/application/images/data/imagename.jpg" > Is it possible to restrict the user? How can I block any direct access to the file. Please help me ASAP. Thanks in advance Hemant.