flex-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Maurice Amsellem <maurice.amsel...@systar.com>
Subject RE: access PDF doc from inside Flex app but not outside?
Date Fri, 04 Apr 2014 22:28:40 GMT
>how does the servlet open the PDF in a new (client) browser window
It's not the servlet, it's the flex app that is responsible of opening the new window.
The servlet will simply read the bytes of the PDF file and write them to the output stream,
as if it was a static file (that what the http server does actually) 

> And when it does open the PDF in a new browser window, wouldn't the full URL including
token be shown in the browser (if so, someone could copy this URL and e-mail to someone else
to open it)?
The "security token" would be valid for the current user session only. You could for example
use the jsessionid as a key (or something similar).
So if someone else that is not logged tries the same url, it will not work.

Maurice 

-----Message d'origine-----
De : modjklist@comcast.net [mailto:modjklist@comcast.net] 
Envoyé : samedi 5 avril 2014 00:23
À : users@flex.apache.org
Objet : Re: access PDF doc from inside Flex app but not outside?

I call a few Java servlets in my app using HTTPService(), although my app is not contained
in a JEE Web App as far as I know. 

Let me see if I follow... the servlet is called from within Flex using a specific URL. I can
append some text representing a "security token" on that URL, which the servlet validates
then ... hmm, how does the servlet open the PDF in a new (client) browser window (maybe you
can refer me to a specific command I can research to figure that out)? 

And when it does open the PDF in a new browser window, wouldn't the full URL including token
be shown in the browser (if so, someone could copy this URL and e-mail to someone else to
open it)? 


----- Original Message -----

From: "Maurice Amsellem" <maurice.amsellem@systar.com> 
To: users@flex.apache.org 
Sent: Friday, April 4, 2014 3:05:50 PM 
Subject: RE: access PDF doc from inside Flex app but not outside? 

Then the PDF files would be stored in the private area of the web-app (under WEB-INF) , so
they can't be accessed directly. 

There are probably variants of this, but I think you get the idea. 

-----Message d'origine----- 
De : Maurice Amsellem [mailto:maurice.amsellem@systar.com] 
Envoyé : samedi 5 avril 2014 00:04 
À : users@flex.apache.org 
Objet : RE: access PDF doc from inside Flex app but not outside? 

If your app is contained in a JEE Web App, you could probably write a servlet to download
the PDF securely, using a "security token" or something. 
The Flex App would simply request the servlet through its url to get the PDF, and pass it
the security token. 

Makes sense ? 

Maurice 

-----Message d'origine----- 
De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé : vendredi 4 avril 2014
23:45 À : apache flex users Objet : access PDF doc from inside Flex app but not outside?


I have a desktop Flex app that users register and login. I need to provide these users access
to technical documents in PDF format. However, I don't want to put these docs in my server's
public_html directory because then any visitor can potentially view them. Is there any way
for the Flex app to open these PDF files in a new browser window, while preventing their access
by website visitors? That is, the files can only be opened when logged into the app, and not
by copying and pasting a link in an email that goes to someone else for them to open in any
browser. 

I understand the user can simply download the PDF file and e-mail it if he/she really wants
to (I'm just trying to make it a little more difficult). 

I was thinking maybe there was a way to place the PDF files somewhere in the Java application
server since only Flex has access there (a firewall blocks website visitors). Thought maybe
someone ran into this before and could help me see what's possible. 

Mime
View raw message