secure my files from unregistered user

Hi, can anyone please help me? I need to protect my PDF files from downloading and accessing by unregistered users. What's the best way to do this? If anyone could suggest how to do this, I would be very thankful.

Thanks in advance,
ctb
[271 byte] By [ctbC] at [2007-9-27 2:16:18]
# 1
You can turn on HTTP authentication on your webserver (I assume that the PDFs are located on a webserver?)

Tom
tomberge at 2007-7-4 21:28:05 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
# 2

Thanks tomberge,

If I turn on my HTTP authentication, do I need to create a Java program that would generate XML to store all registered users?

Is this possible? I have a registration page. Once they have registered, the Java program will insert their user/pass in the XML file.

Or can HTTP auth directly connect to the database and validate the user?

What's the best way to do this? Sorry, I'm still new to this stuff. Please help!

ctbC at 2007-7-4 21:28:05
# 3

How about creating a servlet/JSP that checks for authentication every time a user accesses it? If the user is authenticated, just open an OutputStream.

Create the file link to be a link to the servlet/JSP and include a file id or something with the path.

This doesn't care if the authentication is done using Java's session (HttpSession) or a cookie etc.

Authentication could be stored in XML or a database. If you're using Linux or Unix you'll easily get your hands on a free DBMS. At least MySQL is also available for Windows.

In a servlet you might do it like this:

--snip--
// needs java.io.FileInputStream and java.io.OutputStream imported in the servlet class
//1) authenticate the user
//2) get filepath & filename
//3) write the file to the downloader
FileInputStream in = new FileInputStream("path&filename"); // placeholder for the path from step 2
OutputStream out = response.getOutputStream();
byte buffer[] = new byte[1024];
int readlen;
int sentsize = 0; // Just a byte counter...
// copy the file to the response in 1 KB chunks until end of file
while ((readlen = in.read(buffer)) != -1) {
    out.write(buffer, 0, readlen);
    sentsize += readlen;
}
out.close();
in.close();
//4) continue with whatever is needed. Maybe a response.sendRedirect("") or a requestDispatcher...
--snip--

miso

MisoK at 2007-7-4 21:28:05
# 4

Hi!

If I understand your requirement correctly, you want that only authentic users should be able to download files (PDF/DOC etc.) from your server. The first thing to do would be:

1) Create a folder outside your web root, so that users cannot access the files by typing in the URL.

Next you could devise a way of storing different files and their absolute pathnames. You could do it by:

1) If you have a database, you could create a separate table for this info

or

2) You could create a properties file which can be updated as and when required

or

3) You could have an XML file that could have this info. (This again must go outside the web root.)

Now that we have the files and their pathnames, we need some way to allow download to authentic users. To do this:

1) You could have a JSP/Servlet that verifies that the user has been authenticated

2) Gets the path stored in (database/properties/XML) corresponding to the file requested

3) Open a stream to the file ...

4) Read from the source file and dump the data in the response object with the appropriate MIME type set.

The last step has already been explained in one of the answers.

This should address your concerns.

happy coding,

Ravi Pandey

Ravi12566 at 2007-7-4 21:28:05
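
The flow described in replies #3 and #4 (check authentication, map a file id to a path outside the web root, stream with the MIME type set), as an added example that is not code from any poster in this thread. The class name, the session attribute "user", the directory /srv/protected-docs and the id table are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class ProtectedDownloadServlet extends HttpServlet {
    // Assumed storage directory outside the web root, so no URL maps to it directly.
    private static final Path STORE = Paths.get("/srv/protected-docs");
    // Constructed id -> file name table; stands in for the database/properties/XML lookup.
    private static final Map<String, String> FILES = Map.of(
            "1001", "handbook.pdf",
            "1002", "price-list.pdf");

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // 1) Authenticate. getSession(false) avoids creating a session for anonymous callers.
        //    "user" is an assumed attribute set by the login code after a successful login.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute("user") == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // 2) Resolve the requested id through the table. The client sends an id, never a
        //    path, so values such as "../../etc/passwd" simply fail the lookup.
        String name = FILES.get(req.getParameter("id"));
        Path file = (name == null) ? null : STORE.resolve(name).normalize();
        // Defence in depth: the resolved path must still be inside STORE and be a real file.
        if (file == null || !file.startsWith(STORE) || !Files.isRegularFile(file)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // 3) Set the MIME type and headers before the first byte of the body is written.
        resp.setContentType("application/pdf");
        resp.setContentLengthLong(Files.size(file));
        resp.setHeader("Content-Disposition", "attachment; filename=\"" + name + "\"");
        // Keep shared caches from storing the protected file and serving it to others.
        resp.setHeader("Cache-Control", "private, no-store");
        // 4) Stream the file to the client.
        Files.copy(file, resp.getOutputStream());
    }
}
```

Once the body has been written the response is committed, so any redirect or forward has to happen before step 4 rather than after it.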