Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

blocking access to images

 
Hemant Visal
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,
I have a application where users upload images to the server. I am using Tomcat 4.1.27. The folder structure is as below :
webapp
|__application
|__images
|___data
|___temp
Images uploaded by user are temporarily stored under webapps/application/iamges/temp folder. After processing the image, its preview is displayed to the user and once he submits the page, the image is copied with a different name to the data folder.
When the image preview is displayed, it is displayed using line
<IMG src="/application/images/temp/tempimagename.jpg" >
Now my problem is, I don't want the user to access any file under temp or data folder. If the user types such a url in the browser, he shouldn't be allowed to view the file.
http://url ort/application/images/temp/tempimagename.jpg or
http://url ort/application/images/data/imagename.jpg
At the same time, I have a functionality for the admin, where he will be displayed with the image as
<IMG src="/application/images/data/imagename.jpg" >
Is it possible to restrict the user? How can I block any direct access to the file.
Please help me ASAP.
Thanks in advance
Hemant.
 
Peter Kristensson
Ranch Hand
Posts: 118
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please don't cross post both here and in the Tomcat forum.
It wastes space, time and resources.
/Peter
 
john mattucci
Ranch Hand
Posts: 331
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
place them under the web-inf directory
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You want images uploaded from users to be available to the admin, but not other users?
Placing them in the web-inf won't work, tha admin won't ba able to see them.
One option is to load them into a directory on the webroot that has some sort of protection (BASIC authentication is the easiest).
If you already have some security built-in you could also save the images off the webroot and serve them using a custom Servlet which checks user priveledges.This is similar to the first, but is a little cleaner if you already have security enabled.
Dave
 
Frank Carver
Sheriff
Posts: 6920
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Just in case anyone reads the above two messages and gets confused, remember that in most situations the name of the directory/folder WEB-INF is case sensitive. Please always use "WEB-INF", which is guaranteed to work, rather than "web-inf" which will only work in some cases.
Thanks.
 
Hemant Visal
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,
As this was my first post, I was not aware of cross posting issues. Henceforth I will take necessary care.
Thanks a lot.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic