Apache Tomcat上的文件下载后,才会话验证JSP [英] apache tomcat file download only after session authentication jsp
问题描述
喜
我使用的Apache Tomcat。
我有输入用户名和密码,一个Java bean进行身份验证的JSP文件。
用户后已验证我通过认证true值的名称创建一个用户名和会话变量另一个。
我想允许下载文件只对会话变量认证==真后;
我也想下载之前做一些处理(注册谁下载的用户名。)
Hi i am using apache tomcat. i have a jsp file for entering user name and password and a java bean for authentication. after user have been authenticated i create a session variable with the user name and another by the name of "authenticated" with the value true. i want to allow file download only after the session variable "authentication" == true; i also want to do some processing before the download (registering the user name who downloaded..)
问题:
可以说我有文件download.bin内部目录/下载
所以任何人谁直接转到URL下载/ download.bin将获得该文件。
the problem: lets say i have the file "download.bin" inside directory "/downloads" so anyone who go directly to url "downloads/download.bin" will get the file.
1.可我的文件prevent直接下载
2.只有在会话验证启用文件下载。
1.can i prevent direct download of the file 2. enable the file download only after session authentication.
感谢。
推荐答案
可以被直接下载prevent文件。这样做的一个常见方法是把你的 /下载
文件夹中的 WEB-INF
内部。创建一个servlet,它检查身份验证标志,然后将文件发送给用户。
A的用户请求可能看起来类似以下内容:
You can prevent the file from being directly downloaded. One common way to do that would be to put your /downloads
folder inside of the WEB-INF
. Create a servlet which checks your authentication flag and then sends the file to the user.
A users request may look something like the following:
http://localhost/myApp/downloadServlet?filename=download.bin
由于WEB-INF里面的内容是不是可以公开,可以有隐藏文件。
Since content inside the WEB-INF is not available publicly, you can hide your files there.
这篇关于Apache Tomcat上的文件下载后,才会话验证JSP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!