James Lightener

Greenhorn
since Nov 18, 2008

Recent posts by James Lightener

Tim Moores wrote:The obvious approach would be to put the files in a directory that is not accessible outside of the application. All links would then have to go through a servlet (or some kind of action bean/class if you're using a web framework) which could perform all necessary authentication checks before serving the content of the files.



Thanks Tim, but I don't think it is an appropriate solution to my problem. I will try to elaborate on the problem so that you can explain your solution if it is applicable.

All the files are kept at a common location on the JBOSS server. The page where the links are displayed is shown to a user only if he has authorized access. But, for example, on the click of a link the URL is generated like this:

http://JBOSS-Server/portal/files/documentation/ImportantInformation.pdf

Now if I copy this path and hit it directly in a new browser, the PDF file is opened without asking for any password, because it is not calling any Servlet (in my case the action, as I am using Struts) and hence there is no authentication happening.

What will be the best way to resolve this problem? Can I have any configuration in my JBOSS server to ask for a password when a user tries to access this path? Or how can I call my interceptor to verify the login and give an error, as the user is directly trying to access the file in an illegal way?

~ thoughtfulbrain.
11 years ago
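
The approach in the quoted suggestion, sketched as an added example (not code from this thread or from either poster): the files live in a directory outside the deployed web application and are only reachable through a servlet that checks the session first. The directory `/opt/portal-docs`, the session attributes `user` and `allowedFolders`, and the `/docs/*` mapping are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.Set;
import javax.servlet.http.*;

// Added example: map in web.xml to a URL pattern such as /docs/* (assumed).
public class ProtectedFileServlet extends HttpServlet {
    // Assumed directory outside the deployed web application: no URL maps to it directly.
    private static final Path BASE = Paths.get("/opt/portal-docs").toAbsolutePath().normalize();

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // 1. Authentication: require the session the normal login created.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute("user") == null) { // assumed attribute
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // 2. Resolve the requested name under BASE and refuse anything that escapes it.
        String info = req.getPathInfo(); // e.g. /documentation/ImportantInformation.pdf
        Path file;
        try {
            file = BASE.resolve(info == null ? "" : info.substring(1)).normalize();
        } catch (InvalidPathException e) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        if (!file.startsWith(BASE) || file.equals(BASE)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // 3. Authorization on the normalized path, so "a/../b/x.pdf" is judged as "b/x.pdf".
        Object allowed = session.getAttribute("allowedFolders"); // assumed Set<String>
        String folder = BASE.relativize(file).getName(0).toString();
        if (!(allowed instanceof Set) || !((Set<?>) allowed).contains(folder)) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        if (!Files.isRegularFile(file)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // 4. Stream the file; keep shared caches from storing the protected document.
        String type = getServletContext().getMimeType(file.getFileName().toString());
        resp.setContentType(type != null ? type : "application/octet-stream");
        resp.setHeader("Cache-Control", "private, no-store");
        Files.copy(file, resp.getOutputStream());
    }
}
```

With this in place the page links point at the servlet mapping rather than at a static path, so a copied URL opened in a fresh browser has no session and receives a 401 instead of the PDF.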
Hi,

I have an application which displays certain links. Some of these links open PDF files placed on the server.

The application has two levels of permissions: one through LDAP to verify whether the user is valid, and then the permissions of the user for this application using Oracle Database.

However, if I hit the path of the file directly, the files can be accessed and no Authentication is done.

Can you please help me to avoid this unauthorized access?

By the way, I am using a JBOSS server to deploy the applications.

Thanks in advance.

~ thoughtfulbrain.

11 years ago