tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: loading images through a Servlet
Date Fri, 02 Oct 2015 14:30:14 GMT
Hash: SHA256


On 10/2/15 5:04 AM, Bill Ross wrote:
> Thanks Andre for the well-considered reply. To Thad - thanks, I
> also asked on stackoverflow after here.
> I believe I have solved the obfuscation problem independent of the 
> javascript issue. What I just got working is logically:
> img.src = "/images/" + /servlet/getnext(params)
> Where I now have a Servlet at /images that serves the file, thanks
> to a generous coder at stackoverflow. I'll post the nicely designed
> code here if anyone wants.

Why not just use the DefaultServlet... that's what it's job already
is. Or, do you need an image from a database or whatever?

> I am adding a table to map random hashes to file names. I'll
> insert there and have getnext() return the hash instead of the file
> name. The new Servlet I just added will look up the hash, check the
> age of the record and refuse it if older than a second, and then
> serve up the mapped file from the filesystem with current date and
> some flippant random file name in the headers.

You could do your security-checking, and then simply forward() to the
resource, then let the DefaultServlet actually serve the bytes. That
allows you to use range-requests, etags, if-modified-since, and all
that other good stuff.

> So as far as I can see, the only thing not obfuscated is the image 
> itself and my ego, which is harmless here.

What do you need to obfuscate?

>> I can think of even more hare-brained schemes where for instance
>> some Ajax function of yours could open a websocket connection to
>> the server, and receive a stream of image objects from the server
>> over that single connection and "plug" them into the page as
>> appropriate.  But any kind of thing like that would start to
>> deviate seriously from standard practices, and need a serious
>> effort of development and debugging before it could be considered
>> as "production-level".
> This is exactly what I was fishing for, and I thought maybe it had
> been solved in some javascript library.

Do you need the image to be in an Image object, or do you want to put
it into an <img> on the screen? If the latter, just change the value
of the 'src' of the <img> and the browser will re-load the image from
the server.

- -chris
Comment: GPGTools -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message