tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bruce Miller <bruce.mil...@nist.gov>
Subject Re: Handling file downloads?
Date Fri, 01 Sep 2006 14:34:25 GMT
Matthias Klein wrote:
> Hi everyone,
> 
> What is the best method of handling files that are to be offered for 
> download?
> 
> I have a web application that uses JSF as presentation framework. This 
> web app is available as both stand-alone application in Tomcat as well 
> as portlet deployed within a portlet container that relies on tomcat.
> 
> This app is supposed to deliver files. For instance, it renders a button 
> or link and when a user clicks on it, one of the two following things 
> should happen:
> 1. the file is offered for download so the user can just download it
> 2. the file is a html file and should be displayed in a new browser 
> window, thereby obtaining embedded objects (e.g. images that the html 
> file refers to)

The first approach that occurs to me would be that
your button/link is to a url (w/ the filename as a query parameter)
handled by a servlet that decides (presumably based on session info)
whether it falls into case 1 or 2.

If case 1, it could then copy the data out to the response,
with the appropriate mime type.

For case 2, it could build & return the html page, but
it would probably be better redirect to another url
(w/ appropriate parameters).  That url could be handled
by a servlet or jsp that personalizes the html as appropriate.

Actually, case 1 could be handled by an internal redirect
as well; but then, in principle, you've got a url to the
datafile w/o protection, even though the user doesn't (easily)
see it.

I'd be interested in hearing of any weaknesses (or strengths)
to this approach.

> However, this functionality should be offered to users depending on 
> their access rights. If user B is not allowed to download file X, he 
> should not be able to.
> 
> What is the best method / way of handling this?
> 
> The simple way of storing all files in something like 
> %CATALINA_HOME%/webapps/files and then just render a download link 
> referring to a file within won't work because everyone could access the 
> files via URL. (Plus I don't like storing the files within 
> CATALINA_HOME. What if I want to store them anywhere in the file system 
> of the host?)
> 
> In addition, some files have to be altered for some persons (e.g. before 
> being delivered to user A, file X.html has to be processed and altered 
> to meet the needs of user A. ONLY user A should see the altered X.html 
> (X_altered_for_user_A.html).
> 
> So this above approach looks "dirty" to me and doesn't live up to my 
> expectations. But how does one deal with this "offering files for 
> download" issue in a good, elegant way?
> 
> There must be some nice way because like every CMS that uses tomcat 
> offers just that. Any idea?
> 
> Thanks a lot
> 
> Matt
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


-- 
bruce.miller@nist.gov
http://math.nist.gov/~BMiller/

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message