• Post Reply Bookmark Topic Watch Topic
  • New Topic

Security-Constraint  RSS feed

 
mo sayed
Ranch Hand
Posts: 88
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I have an application developed using Struts 1.3 and Tomcat 5.5 which
provides a download service. This was implemented using the downloadAction
provided with the struts api.

The application enables users to download various types of files including pdfs, zip, and text files, simply by clicking at various links. Doing so
brings up the dialog box with "open", "save", and "cancel" buttons. If I select "open", the downloaded resource will open up. As it stands the application works fine.

If however I throw a security blanket around it using BASIC authentication +
an entry for <security-costraint>,
i run into a problem. When a verified user clicks on a link to download
a resource, the user is prompted with the 'open','save', 'cancel' dialog
as before.

Clicking on the open button will now no longer display the resource in a
separate window. For example where previously, pdf files were displayed successfully, I now get an error message: "There was an error opening this
document. The file cannot be found". If I select the save option, the resource is saved correctly and can be inspected/viewed without problems.

What's causing this?

Is there a solution to this which will enable users to open resources
that can be downloaded.

kind regards,

Mo
[ June 08, 2007: Message edited by: mo sayed ]
 
mo sayed
Ranch Hand
Posts: 88
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Success !!!
Managed to resolve this.

What's causing this?

This is possibly linked to a bug reported in IE4 and which
appears to still exist in IE 6. The actual problem occurs when
a pdf/csv response is sent back over https.
You can resolve this by adding the following header content
to your response.


regards
Mo
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!