Results 1 to 7 of 7
  1. #1
    vishnujava is offline Member
    Join Date
    Apr 2008
    Posts
    14
    Rep Power
    0

    Default restrict users from entering the image/text files path directly in the browser.

    How do i restrict users from entering the image/text files path directly in the browser.
    my web application has restrictions to jsp/servlet pages, wherein we ask for username and password which will chk and db and then authenticate.
    but when an image or text file in a particular directory is accessed thru the web i have to restrict. how do i do that.

    to be more clear

    if i access
    http:somename.com/index.jspit will ask for login information and only then other jsp pages can be accessed.

    but
    http/somename.com/images/logo.jpgif i type directly this image will appear, but i need to restrict, how to do that in Tomcat.

    thanks in advance.

  2. #2
    skaspersen is offline Member
    Join Date
    Jul 2008
    Posts
    31
    Rep Power
    0

    Default

    You would do that in the security section of your web.xml file.

  3. #3
    Norm's Avatar
    Norm is online now Moderator
    Join Date
    Jun 2008
    Location
    Eastern Florida
    Posts
    17,879
    Rep Power
    25

    Default

    skaspersen,
    I'm not familiar with the security section of the web.xml page. I should read up on it. Where is the doc on how to use it?
    Are you saying that you can restrict which files are returned by an HTTP GET from a browser? How does the server know whether a site has permission to get a file? There must be a state maintained that allows the server to know that some files can only be loaded to a specific site after the jsp code has said OK.

  4. #4
    vishnujava is offline Member
    Join Date
    Apr 2008
    Posts
    14
    Rep Power
    0

    Default

    Hi skaspersen,

    actually I don't have much knowledge on that in web.xml
    could you please give me detials...or give me some link where I can find the details.

    thanks in advance,

  5. #5
    vishnujava is offline Member
    Join Date
    Apr 2008
    Posts
    14
    Rep Power
    0

    Default

    Please anybody let me know that whether it is possible or not?

  6. #6
    mtv134 is offline Member
    Join Date
    Aug 2008
    Posts
    22
    Rep Power
    0

    Default

    yes it is possible to do that using the <url-pattern> in the web.xml
    you add a url mapping section to the web.xml with the extension of the images that are stored in the server and redirects the url to an error page when this url is accessed by the browser

    The following table describes the elements you can define within a servlet-mapping element.

    Element


    Required/
    Optional


    Description

    <servlet-name>


    Required


    The name of the servlet to which you are mapping a URL pattern. This name corresponds to the name you assigned a servlet in a <servlet> declaration tag.

    <url-pattern>


    Required




    Example patterns:

    /soda/grape/*
    /foo/*
    /contents
    *.foo

    The URL must follow the rules specified in Section 10 of the Servlet 2.2 Specification.

    For additional examples of servlet mapping, see Servlet Mapping.
    visit http://www.thejavacode.com
    Muhammad Safwat

  7. #7
    skaspersen is offline Member
    Join Date
    Jul 2008
    Posts
    31
    Rep Power
    0

    Default

    You need to create realm based authentication, and in your case use jdbcrealm. It is included in glassfish V2, implementations are available for other Application Servers just use google.

    I have successfully implemented this in glassfish.

    Your web.xml would have entries similar to this.
    Java Code:
        <login-config>
            <auth-method>FORM</auth-method>
            <realm-name>developinjava</realm-name>
            <form-login-config>
                <form-login-page>/login.jsp</form-login-page>
                <form-error-page>/loginerror.jsp</form-error-page>
            </form-login-config>
        </login-config> 
        <security-constraint>
            <web-resource-collection>
                <web-resource-name>Secure Pages</web-resource-name>
                <url-pattern>*</url-pattern>
                <http-method>GET</http-method>
                <http-method>POST</http-method>
            </web-resource-collection>
            <auth-constraint>
                <role-name>USERS</role-name>
            </auth-constraint>
        </security-constraint>
    If a user tries to access pages that match the url-pattern property of web-resource-collection and they have not logged in they will automatically be redirected to the login form

    Note: If this is not an intranet application you should probably serve the form over https and not http

    Tomcat links:
    Working with JDBCRealm
    Tomcat Security Overview and Analysis

    Glassfish links:
    JDBCRealm in GlassFish with MySQL : Shing Wai Chan's Weblog
    Develop in Java
    Last edited by skaspersen; 08-06-2008 at 02:46 PM.

Similar Threads

  1. Writing text into an image and save it
    By elcapi in forum Java 2D
    Replies: 6
    Last Post: 09-18-2009, 06:47 PM
  2. How to draw directly on an SWT Control
    By Java Tip in forum SWT Tips
    Replies: 0
    Last Post: 07-02-2008, 08:51 PM
  3. How to display scrolling text and image on a JFrame
    By Abhi_vk in forum AWT / Swing
    Replies: 1
    Last Post: 06-20-2008, 11:19 PM
  4. Text and image files within jar files
    By erhart in forum Advanced Java
    Replies: 8
    Last Post: 01-19-2008, 05:43 AM
  5. Replies: 2
    Last Post: 07-30-2007, 09:55 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •