how to prevent unauthorised user from accessing a file by typing the URL directly using a servlet as the preventive measure is what has been a sore for me for some time now.i would be very grateful for any opinion.thanks

Like I have said before (and I believe to you) was write a servlet that takes a filename as one of the parameters and then have that servlet check the session information before returning the contents of the file. It is not that hard, already. I am not, however, going to just give you code for it. Try to write it. I will help you correct it, but I will not write it for you.

thanks a lot masijade.The web app i'm trying to develop has a servlet acting as a front controller which does the redirecting to where the files are located,if a user gets hold of the url such as,
www.mywebapp.com/.../about.pdf.the resource is accessed directly without going through the front controller.I have an idea of 3 ways to solve this problem which is,
1. ht_access 2. mod_rewrite module 3. use a server side scripting facility.
I intend implementing the 3rd one.how is it possible for me to get the address directly typed in the address bar so i can pass it into the servlet

So don't redirect. Have the servlet deliver it directly! As I have already said.

If the file is a pdf, set the response objects content type to pdf, read the PDF bytes and send them directly to the responses output stream.

Like I said, the servlet returns the file, it does not redirect. I never said anything about redirecting, I never even hinted at that!

THANK YOU VERY MUCH,u'r an heaven sent.this did it all

...

File file = new File ("/.../resources" + fileName);

                    InputStream in = new FileInputStream(file);
                    ServletOutputStream outs = response.getOutputStream();


                        int bit = 256;
                        int i = 0;

                        try {

                                while ((bit) >= 0)
                                {
                                        bit = in.read();
                                        outs.write(bit);
                                }

                        } catch (IOException ioe)
                        {
                            ioe.printStackTrace(System.out);
                        }

                    outs.flush();
                    outs.close();
                    in.close();

really grateful.

This question has already been answered. Start a new discussion instead.