Apache Tomcat上的文件下载后，才会话验证JSP [英] apache tomcat file download only after session authentication jsp

问题描述

喜
我使用的Apache Tomcat。
我有输入用户名和密码，一个Java bean进行身份验证的JSP文件。
用户后已验证我通过认证true值的名称创建一个用户名和会话变量另一个。
我想允许下载文件只对会话变量认证==真后;
我也想下载之前做一些处理（注册谁下载的用户名。）

Hi i am using apache tomcat. i have a jsp file for entering user name and password and a java bean for authentication. after user have been authenticated i create a session variable with the user name and another by the name of "authenticated" with the value true. i want to allow file download only after the session variable "authentication" == true; i also want to do some processing before the download (registering the user name who downloaded..)

问题：
可以说我有文件download.bin内部目录/下载
所以任何人谁直接转到URL下载/ download.bin将获得该文件。

the problem: lets say i have the file "download.bin" inside directory "/downloads" so anyone who go directly to url "downloads/download.bin" will get the file.

1.可我的文件prevent直接下载
2.只有在会话验证启用文件下载。

1.can i prevent direct download of the file 2. enable the file download only after session authentication.

感谢。

推荐答案

可以被直接下载prevent文件。这样做的一个常见方法是把你的 /下载文件夹中的 WEB-INF 内部。创建一个servlet，它检查身份验证标志，然后将文件发送给用户。
A的用户请求可能看起来类似以下内容：

You can prevent the file from being directly downloaded. One common way to do that would be to put your /downloads folder inside of the WEB-INF. Create a servlet which checks your authentication flag and then sends the file to the user. A users request may look something like the following:

http://localhost/myApp/downloadServlet?filename=download.bin

由于WEB-INF里面的内容是不是可以公开，可以有隐藏文件。

Since content inside the WEB-INF is not available publicly, you can hide your files there.

这篇关于Apache Tomcat上的文件下载后，才会话验证JSP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！