• Post Reply Bookmark Topic Watch Topic
  • New Topic

unable to download file

 
Megha Singhal
Ranch Hand
Posts: 225
IBM DB2 Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
following are the code for uploading and downloading. uploading is going well but i am unable to download from download link






after uploading and when i am trying to download this is giving following error


HTTP Status 500 -

--------------------------------------------------------------------------------

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

org.apache.jasper.JasperException: java.io.FileNotFoundException:
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:522)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:404)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:337)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)


root cause

java.io.FileNotFoundException:
java.io.FileInputStream.open(Native Method)
java.io.FileInputStream.<init>(Unknown Source)
org.apache.jsp.download_jsp._jspService(download_jsp.java:85)
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:337)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)


note The full stack trace of the root cause is available in the Apache Tomcat/6.0.16 logs.


--------------------------------------------------------------------------------

Apache Tomcat/6.0.16

kindly help me to remove this problem.
 
Paul Clapham
Sheriff
Posts: 21889
36
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


It looks to me like the user just has to provide the full path to any file whatsoever on your server, and you will happily send them that file. That seems dangerously insecure to me -- are you sure you really want to do that? Right now you're just protected because the user isn't providing a valid path. The problem you perceive is caused because your code doesn't bother to check whether the path is valid (that's what the exception is telling you) but your real problem is in your insecure design. You should go back a step and figure out what limited set of files you want the users to have access to, and then design a method for the users to access them without having to specify the path to those files.

One other thing: You should use a servlet for file downloads, not a JSP. If you use a JSP then it's likely to output whitespace along with the actual file data (e.g. the whitespace between lines 18 and 19 of your posted code), thus corrupting the file data.
 
Megha Singhal
Ranch Hand
Posts: 225
IBM DB2 Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i have tried a lot to find out the problem but still can't find out. i don't have any problem whether the path is not secure because i am preparing this project at small level.
please help me.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!