how to prevent unauthorised user from accessing a file by typing the URL directly using a servlet as the preventive measure is what has been a sore for me for some time now.i would be very grateful for any opinion.thanks

9 Years
Discussion Span
Last Post by elnuk

Like I have said before (and I believe to you) was write a servlet that takes a filename as one of the parameters and then have that servlet check the session information before returning the contents of the file. It is not that hard, already. I am not, however, going to just give you code for it. Try to write it. I will help you correct it, but I will not write it for you.


thanks a lot masijade.The web app i'm trying to develop has a servlet acting as a front controller which does the redirecting to where the files are located,if a user gets hold of the url such as,
www.mywebapp.com/.../about.pdf.the resource is accessed directly without going through the front controller.I have an idea of 3 ways to solve this problem which is,
1. ht_access 2. mod_rewrite module 3. use a server side scripting facility.
I intend implementing the 3rd one.how is it possible for me to get the address directly typed in the address bar so i can pass it into the servlet


So don't redirect. Have the servlet deliver it directly! As I have already said.

If the file is a pdf, set the response objects content type to pdf, read the PDF bytes and send them directly to the responses output stream.

Like I said, the servlet returns the file, it does not redirect. I never said anything about redirecting, I never even hinted at that!


THANK YOU VERY MUCH,u'r an heaven sent.this did it all


File file = new File ("/.../resources" + fileName);

                    InputStream in = new FileInputStream(file);
                    ServletOutputStream outs = response.getOutputStream();

                        int bit = 256;
                        int i = 0;

                        try {

                                while ((bit) >= 0)
                                        bit = in.read();

                        } catch (IOException ioe)


really grateful.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.