This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Tomcat and the fly likes prevent hotlinking images with standalone tomcat. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "prevent hotlinking images with standalone tomcat." Watch "prevent hotlinking images with standalone tomcat." New topic
Author

prevent hotlinking images with standalone tomcat.

Rob Deer
Greenhorn

Joined: Jan 10, 2005
Posts: 17
Hi, I'm running tomcat webserver standalone. Is there a way to stop hotlinking images? I know you can do this with apache but what about standalone tomcat? Thanks.

EW
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12761
    
    5
Is there a way to stop hotlinking images?


If by that you mean requiring all image requests to come from known legal users, sure. Just have the image link point to a servlet rather than a file and have the servlet check for a valid session before sending the image data.

Bill
Rob Deer
Greenhorn

Joined: Jan 10, 2005
Posts: 17
I'm trying to prevent people typing image.jpg in the url to go to the image directly.
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12761
    
    5
I'm trying to prevent people typing image.jpg in the url to go to the image directly.

Ok, thats what I was talking about, Tomcat will only serve images directly from the main web application directory. Put you images somewhere else and create a servlet to send them after checking for a valid user.
Bill
Rob Deer
Greenhorn

Joined: Jan 10, 2005
Posts: 17
can you give a little example on the servlet?
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

You could do this with a filter as well.
Put all your restricted images in a directory (member-img). Then create a filter that checks a user's login credentials (usually stored in session) and allows the request to pass if the user should be allowed to access that directory.
Map that filter to your member-img directory.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: prevent hotlinking images with standalone tomcat.
 
Similar Threads
how to get System.out.print()
comparision between loading images from servlet vs. from files
Modifiers & Keyword Summary
where is my webapp?
tomcat is a standalone webcontainer ,what does that mean?