This week's book giveaway is in the Other Languages forum.
We're giving away four copies of Functional Reactive Programming and have Stephen Blackheath and Anthony Jones on-line!
See this thread for details.
Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

prevent hotlinking images with standalone tomcat.

 
Rob Deer
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, I'm running tomcat webserver standalone. Is there a way to stop hotlinking images? I know you can do this with apache but what about standalone tomcat? Thanks.

EW
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13074
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there a way to stop hotlinking images?


If by that you mean requiring all image requests to come from known legal users, sure. Just have the image link point to a servlet rather than a file and have the servlet check for a valid session before sending the image data.

Bill
 
Rob Deer
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm trying to prevent people typing image.jpg in the url to go to the image directly.
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13074
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm trying to prevent people typing image.jpg in the url to go to the image directly.

Ok, thats what I was talking about, Tomcat will only serve images directly from the main web application directory. Put you images somewhere else and create a servlet to send them after checking for a valid user.
Bill
 
Rob Deer
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
can you give a little example on the servlet?
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You could do this with a filter as well.
Put all your restricted images in a directory (member-img). Then create a filter that checks a user's login credentials (usually stored in session) and allows the request to pass if the user should be allowed to access that directory.
Map that filter to your member-img directory.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic