commons-user mailing list archives

From Robert Priest <Robert.Pri...@bentley.com>
Subject RE: Serving files through a Servlet?
Date Mon, 28 Jul 2003 16:05:04 GMT
Yes, they do.

Please allow me to do a bit more explaining...

Also (a bit more information) the URL for the download will contain a
session id for the user. So if you will allow me to modify my example:

Say user A logs in and has a session id of "1" and wants to download
abc.jar. He will be redirected to the url:
http://localhost/myservlet/downloaddir/1/abc.jar

Now I would like to put in place a guard servlet. So in myservlet's web.xml
I will add:

<servlet-mapping>
	<servlet-name>com.myproj.web.GUARD</servlet-name>
	<url-pattern>/downloaddir/*</url-pattern>
</servlet-mapping>

The intention is for the "Guard" servlet to:

1. Inspect the url for sessionid ("1" in this case).
2. Get it and compare it to the current session id (session.getId()).
3. If the two match, then start an http download.
4. If not, then throw up an "Access Denied" error page.

That is pretty much all we need to do. I also don't want to add basic\Form
authentication at this point for those directories. We simply want to match
whether the session id in the url is the same as the one the current user is
using.

That way, if another user, who will have a different session number (3 or
what have you) tries to paste in:  

 http://localhost/myservlet/downloaddir/1/abc.jar

he\she will get an access denied.

Is that more understandable?

We are trying to prevent cutting and pasting of urls.




-----Original Message-----
From: Schalk [mailto:schalk@volume4.co.za]
Sent: Monday, July 28, 2003 11:38 AM
To: 'Jakarta Commons Users List'
Subject: RE: Serving files through a Servlet?


Robert

Do your users have to log in before accessing these downloadable files?

Kind Regards
Schalk Neethling
Volume4.Development.Multimedia.Branding
emotionalize.conceptualize.visualize.realize
Tel: +27125468436
Fax: +27125468436
email:schalk@volume4.co.za
web: www.volume4.co.za
 

:: -----Original Message-----
:: From: Robert Priest [mailto:Robert.Priest@bentley.com]
:: Sent: Monday, July 28, 2003 4:37 PM
:: To: 'commons-user@jakarta.apache.org'
:: Subject: RE: Serving files through a Servlet?
:: 
:: Hello All,
:: 
:: I am sorry. I was only subscribed to the Dev list, not the user. I am
:: subscribed now however.
:: 
:: If someone replied to this message, could you forward it to me... Thank
:: you.
:: 
:: 
:: Also, I had another question:
:: 
:: How can I check for a Valid session id before allowing access to a file?
:: 
:: For example:
:: 
:: - I have a directory containing files for download:
:: http://localhost/myservlet/downloaddir/
:: - but before you download a file, say abc.jar (by using
:: "http://localhost/myservlet/downloaddir/abc.jar"), I want to make sure
:: that you have a valid session id. If your session id is invalid, you get
:: an access denied page. If not, you are allowed to download.
:: 
:: So I guess what I want is to intercept any request to that "downloaddir"
:: and perform session\security checking (by another servlet or jsp page)
:: before allowing access...
:: 
:: 
:: Is there something in the commons package for that, or is this a question
:: more for the "tomcat users" list?
:: 
:: 
:: Thank you.
:: >  -----Original Message-----
:: > From: 	Robert Priest
:: > Sent:	Monday, July 28, 2003 9:47 AM
:: > To:	'commons-user@jakarta.apache.org'
:: > Subject:	FW: Serving files through a Servlet?
:: >
:: >
:: >
:: >  -----Original Message-----
:: > From: 	Robert Priest
:: > Sent:	Monday, July 28, 2003 9:19 AM
:: > To:	'jakarta-commons@jakarta.apache.org'
:: > Subject:	Serving files through a Servlet?
:: >
:: > Is there anything in the jakarta-commons package that will allow one to
:: > serve files through a servlet? I would like to have requests for
:: > downloading files come through a servlet instead of serving them directly
:: > from an "http" accessible directory...
:: >
:: >
:: >
:: 
:: ---------------------------------------------------------------------
:: To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
:: For additional commands, e-mail: commons-user-help@jakarta.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commons-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-user-help@jakarta.apache.org
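
The guard described in steps 1-4 of the message above, written out as an added example that is not part of the original thread or of any Commons package. The class name GuardServlet, the base directory /var/app/downloads and the use of the javax.servlet API (3.1 or later) are assumptions; the servlet is assumed to be mapped to /downloaddir/* as in the web.xml fragment.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.MessageDigest;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical guard servlet, mapped to /downloaddir/* as in the web.xml above.
public class GuardServlet extends HttpServlet {
    // Assumption: files live outside the web root, so only this servlet can serve them.
    private static final Path BASE = Paths.get("/var/app/downloads").toAbsolutePath().normalize();

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String info = req.getPathInfo();              // e.g. "/1/abc.jar"
        HttpSession session = req.getSession(false);  // look up only, never create a session here
        String[] parts = info == null ? new String[0] : info.split("/", 3); // ["", "1", "abc.jar"]
        if (session == null || parts.length != 3 || !sameId(parts[1], session.getId())) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied");
            return;
        }
        // Resolve the requested name under BASE and reject anything that escapes it ("../", absolute paths).
        Path file = BASE.resolve(parts[2]).normalize();
        if (!file.startsWith(BASE) || !Files.isRegularFile(file)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        resp.setContentType("application/octet-stream");
        resp.setHeader("Content-Disposition",
                "attachment; filename=\"" + file.getFileName().toString().replace("\"", "") + "\"");
        resp.setContentLengthLong(Files.size(file));
        Files.copy(file, resp.getOutputStream());     // step 3: start the download
    }

    // Constant-time comparison of the session id taken from the URL with the current one.
    private static boolean sameId(String fromUrl, String current) {
        return MessageDigest.isEqual(fromUrl.getBytes(StandardCharsets.UTF_8),
                                     current.getBytes(StandardCharsets.UTF_8));
    }
}
```

The current session is still established by the container's normal session tracking; the id in the path is only compared against it. A session id carried in the path is also recorded in access logs, browser history and Referer headers.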
