I have a directory of files (Word and Excel) that I only want accessible to users who are logged in with a valid session in my jsp pages. I can protect the page which links to the files, but I want to be able to project the files themselves from the possibility of people entering the URL directly in the web browser to access them. Any ideas on how to do this?
hi clem, or u can put index.html in the directory which u want to protect from being directly seen from the browser. generally the webservers have indexing configuration that says "display index.html (or home.html or main.html etc dependent upon the webserver) if the directory is being accessed from the browser" so whenever u try to go to the directory it will show u the index.html instead the content and then we can't see what is in there. catch here is "what if user somehow knows the direct path to the file and type in that?". in that case i'd go with what William suggested. also, in some webservers we can configure it to "not show particular files with some extensions". in iPlanet 4.1 ES we can do that. i dont know about anyother servers. i guess that would also serve the purpose of hiding the stuff. regards maulin
Thanks for the replies. I need a solution that offers protection in cases where users may know the full path to the file. William, I've tried something similar to your solution but I don't know how to enable users to download a file through a servlet. I've tried setting up a sym link and then serving the file as an include in a blank JSP page, but this corrupts Word and Excel files (probably because the header information is now wrong). Can you suggest a better way to enable download of a file outside the web root via a JSP or servlet?
Thanks Paul - I've never used Servlet Filters before but I looked up some info about them (URLs below) and it looks like they might well do what I need. I'll post here once I've had a chance to try this to let you know how I got on. http://www.onjava.com/pub/a/onjava/2001/05/10/servlet_filters.html http://javaboutique.internet.com/tutorials/Servlet_Filters/filter-mapping.html