Bookmark Topic Watch Topic
  • New Topic

Permission control: File Upload and Download - Want to improve performance

 
Joe Serel
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Report post to moderator
Greetings,

I have a web app (running in Tomcat) which allows user to login and upload files. The uploaded files are saved to /WEB-INF/resources/user_name/filename

The uploaded files should only be available to the uploader. So, when the user login and try to download the files they uploaded, I use a URL pattern /data/user_name/filename
and map this pattern to a servlet. When the servlet sees this request and the same user is currently logged in the same session, the web app read file from /WEB-INF/resources/user_name/filename and write it to response stream.

This works fine. But my problem is, I think in my Servlet, reading the file and writing to the response stream is a bit overkill. Since the file is already there, can I just serve it as a static content? Can I do something like "forwarding" after checking the permission of the user in the servlet, and let Tomcat handles it (serves it as a static file)? I have to keep the servlet though because i need to do permission control there - only the uploader can access the uploaded file.

Moreover, I also want to see if it is possible to use Apache+Tomcat configuration and let Apache serve these uploaded files. Again, I am not sure how to do the permission control if I take this route.

My user login information is stored in a DB table.

I posted the later part of my question (Apache+Tomcat) here:
http://www.coderanch.com/t/85506/Tomcat/Access-control-Tomcat-Apache
and got some good information.

Any help will be appreciated.

Thanks,

Joe

[ October 29, 2005: Message edited by: Joe Serel ]
[ October 29, 2005: Message edited by: Joe Serel ]
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65216
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Report post to moderator
Can I do something like "forwarding" after checking the permission of the user in the servlet, and let Tomcat handles it (serves it as a static file)?


Yes, you can do this. But Tomcat will do pretty much the same thing you are, so if you're looking for a marked performance gain, you probably won't see much difference (unless your own write code is grossly inefficient). Probably worth a try.

I also want to see if it is possible to use Apache+Tomcat configuration and let Apache serve these uploaded files.


I would not recommend this approach. Enforcing persmission will be much more difficult and it's a bit of a configuration hassle. Tomcat's serving of static files is on a par with Apache's.
[ October 29, 2005: Message edited by: Bear Bibeault ]
 
Joe Serel
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Report post to moderator
{
Yes, you can do this. But Tomcat will do pretty much the same thing you are, so if you're looking for a marked performance gain, you probably won't see much difference (unless your own write code is grossly inefficient). Probably worth a try.
}

Wow, thanks for the reply - just joined this forum and found it's incredibly responsive.

Bear, can you tell me how to do this? At least I can remove my own written code since I always think DRY is good.

You made the same point as Scott did saying that Tomcat static file serving is on par with Apache, I'll have to believe you guys :-) Even a lot of docs on the net suggests Apache has performance gain - but I think those are prob. obsolete - like Scott said his experience with new Tomcat server is pretty good.

Thanks.

Joe

[ October 29, 2005: Message edited by: Joe Serel ]
[ October 29, 2005: Message edited by: Joe Serel ]
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65216
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Report post to moderator
Joe, in the future, please do not cross-post the same question in multiple forums. It wastes time when multiple redundant conversations take place and is against forum policy.

You would forward to the resource the same as any other, using the Request Dispatcher forwarding mechanism.

And yes, while Apache may have had the static-serving edge at some point, recent versions of Tomcat have closed the gap.
 
Joe Serel
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Report post to moderator
Thank you Bear. Sorry about the multi post.
 
    Bookmark Topic Watch Topic
  • New Topic