tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: loading images through a Servlet
Date Fri, 02 Oct 2015 14:30:14 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Bill,

On 10/2/15 5:04 AM, Bill Ross wrote:
> Thanks Andre for the well-considered reply. To Thad - thanks, I
> also asked on stackoverflow after here.
> 
> I believe I have solved the obfuscation problem independent of the 
> javascript issue. What I just got working is logically:
> 
> img.src = "/images/" + /servlet/getnext(params)
> 
> Where I now have a Servlet at /images that serves the file, thanks
> to a generous coder at stackoverflow. I'll post the nicely designed
> code here if anyone wants.

Why not just use the DefaultServlet... that's what it's job already
is. Or, do you need an image from a database or whatever?

> I am adding a table to map random hashes to file names. I'll
> insert there and have getnext() return the hash instead of the file
> name. The new Servlet I just added will look up the hash, check the
> age of the record and refuse it if older than a second, and then
> serve up the mapped file from the filesystem with current date and
> some flippant random file name in the headers.

You could do your security-checking, and then simply forward() to the
resource, then let the DefaultServlet actually serve the bytes. That
allows you to use range-requests, etags, if-modified-since, and all
that other good stuff.

> So as far as I can see, the only thing not obfuscated is the image 
> itself and my ego, which is harmless here.

What do you need to obfuscate?

>> I can think of even more hare-brained schemes where for instance
>> some Ajax function of yours could open a websocket connection to
>> the server, and receive a stream of image objects from the server
>> over that single connection and "plug" them into the page as
>> appropriate.  But any kind of thing like that would start to
>> deviate seriously from standard practices, and need a serious
>> effort of development and debugging before it could be considered
>> as "production-level".
> 
> This is exactly what I was fishing for, and I thought maybe it had
> been solved in some javascript library.

Do you need the image to be in an Image object, or do you want to put
it into an <img> on the screen? If the latter, just change the value
of the 'src' of the <img> and the browser will re-load the image from
the server.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWDpT2AAoJEBzwKT+lPKRYdj0P/iTqUq5FTYeTgVjJtLXEMile
74ql5SalOtbERrTvyY72d4wHjlnWUYJCJeJOTWyDU3grJsG7OBxHpiWEQEI5c9GV
xEhhGrlI1vOIdJ3gZRCgnrPDV8pdXTS4Sg8zEuLpW5ITRLEJsnHQz6yJDkbLofYz
w9ACt/Dllv/kcJPHrIu9+J5xgLAEUPKIHuu1mM9TkTWeSYepuR8grm3A2GFO999D
+5MIkd/XpkfTK88/yGP6Q2xtXgXAtnI5Ug0e5S72gkGFRsHYV5iWb9yBRoji7W09
G1uOJPm3xiCED2bLsiFBZmhgv/YrmCoVx4EbLnsYO/92tkHT1+2zly2bmKZc/AoC
LXoWI/trEiE2MUWvYlwftyEZvBLsJQCqrHfo6MOwPNwY2YFhv+GYl7E5N+QcQZf5
eCu/vzCvsDZHz7QrVHwInDKXeD2iZ3JxMRVPFT7kIfD/aTzrlFEGqZ+hG/pYsjWh
Gv1l2vmfQkPu7/wmhoCscdcqwk9SMCYOWvK7/5ehSyZl/j/4J/zkqnkbU10HlxO+
wVjt+cVYtrCHf7UXWInF86N5ZHSu9KVsmWdoMUUOxIFbGRQbSIvCVBzFPv+WIoR/
G/hURioQXqcICmslbbhw9QwINuRWz7gpcp+Ll7Jj+3furtxYQwv6IB/qJSWSi/Ih
lvNUQAkYta9Y+ZUGYAfE
=5ruo
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message