Win a copy of Cross-Platform Desktop Applications: Using Node, Electron, and NW.js this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

File Protection  RSS feed

 
Clem White
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a directory of files (Word and Excel) that I only want accessible to users who are logged in with a valid session in my jsp pages. I can protect the page which links to the files, but I want to be able to project the files themselves from the possibility of people entering the URL directly in the web browser to access them. Any ideas on how to do this?
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You could store the files outside the directories that web server is allowed to serve from URLs and provide access (download?) only indirectly through a servlet.
 
Maulin Vasavada
Ranch Hand
Posts: 1873
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi clem,
or u can put index.html in the directory which u want to protect from being directly seen from the browser.
generally the webservers have indexing configuration that says "display index.html (or home.html or main.html etc dependent upon the webserver) if the directory is being accessed from the browser"
so whenever u try to go to the directory it will show u the index.html instead the content and then we can't see what is in there.
catch here is "what if user somehow knows the direct path to the file and type in that?". in that case i'd go with what William suggested.
also, in some webservers we can configure it to "not show particular files with some extensions". in iPlanet 4.1 ES we can do that. i dont know about anyother servers. i guess that would also serve the purpose of hiding the stuff.
regards
maulin
 
Clem White
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for the replies. I need a solution that offers protection in cases where users may know the full path to the file.
William, I've tried something similar to your solution but I don't know how to enable users to download a file through a servlet. I've tried setting up a sym link and then serving the file as an include in a blank JSP page, but this corrupts Word and Excel files (probably because the header information is now wrong). Can you suggest a better way to enable download of a file outside the web root via a JSP or servlet?
 
Paul Frey
Greenhorn
Posts: 19
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have to protect content that is not HTML as well. I was planning on a Servlet Filter. Have you looked into that option?
 
Clem White
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Paul - I've never used Servlet Filters before but I looked up some info about them (URLs below) and it looks like they might well do what I need. I'll post here once I've had a chance to try this to let you know how I got on.
http://www.onjava.com/pub/a/onjava/2001/05/10/servlet_filters.html
http://javaboutique.internet.com/tutorials/Servlet_Filters/filter-mapping.html
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!