java - How do I restrict access to files with a Tomcat server? -
i'm using java when user needs interact database. checks appropriate log info authenticator.
but i'm serving pdf file on server. not users should have access file -or directory matter.
how can restrict access it?
in naïve understanding, thought restricting access using java/jsp, when user gets url total path on server file, can access it.
use servlet filter it. servlet filter should mapped url access pdf files. example:
@webfilter("/path/to/your/pdf/*") public class filefilter implements filter { @override public void dofilter(servletrequest req, servletresponse res, filterchain chain) throws ioexception, servletexception { httpservletrequest request = (httpservletrequest) req; httpservletresponse response = (httpservletresponse) res; httpsession session = request.getsession(false); if (session == null) { user user = (user)session.getattribute("user"); if (validateuserforpdfdownload(user)) { //user can download file chain.dofilter(req, res); } else { //user must not download file //redirect user url response.sendredirect(request.getcontextpath() + "/index.html"); } } } public boolean validateuserforpdfdownload(user user) { //define logic validate if user able download file } } note basic approach. more complex solution involves using security framework validate user authentication , authorization per action. can utilize framework apache shiro or spring security fulfill requirement.
more info:
stackoverflow servlets filter wiki java jsp tomcat
No comments:
Post a Comment