通过Web保护文件:基于细粒度授权的文件访问 [英] Securing Files over Web: Fine Grained Authorization Based File Access
问题描述
我有一个员工可以在其中上传文件的系统.三种方式
以公共,私有或保护模式上载到我的帐户
以公共,私有或受保护的模式上传到部门帐户
以公开,私有或受保护的模式上传到组织帐户
任何人都可以看到公共场所,该团体或个人只能看到该公共场所,并且该组织中的任何人都可以受到保护.
组织的所有文件都存储在文件服务器上的目录/files/< organizationId>/中. 喜欢
文件
+-234809
| + img1.jpg
| + doc1.pdf
+-808234
| + doc2.pdf
我正在DB中存储文件路径和隐私级别.因此,我可以控制是否在给定页面上向用户显示指向文件URL的链接.
问题是,我无法控制文件的URL ...因此,如果有人在其浏览器的地址栏中键入img1.jpg的URL,则无法知道登录用户是否符合条件来查看img1.jpg.
有什么建议吗?
它是一个Java应用程序.但是,还有一个单独的Glassfish实例充当文件服务器.由于该应用尚未发布,因此我们愿意采用更好的文件访问策略.
正在访问文件的用户可以登录也可以不登录.但是,如果我们知道所访问的文件是私有文件或共享文件,我们可以通过重定向到登录页面来对用户进行身份验证.
谢谢
Nishant
您提出了一个有趣的问题,并且您对该问题的理解是正确的.
根据提供内容的IIS版本,如果内容位于vdir中,您甚至可能没有访问控制权.
这种情况的典型解决方案是将文件存储在Internet不可访问的目录中,并使用受IS保护的HttpHandler并将文件流式传输出去.
有多种解决方法,最简单的方法是将HttpHandler映射到不存在的目录(例如/downloads),然后从RequestUri中解析文件名,设置适当的内容类型并将文件写入Response./p>
在这种情况下,您的HttpHandler受IS保护,使您能够确定访问权限.
I have a system where employees can upload files. There are three ways
Upload to my account in public, private or protected mode
Upload to department account in public, private or protected mode
Upload to organization account in public, private or protected mode
where public is visible to anyone, private to the group or person only and protected to anyone in the organization.
All the files for an organization are stored in a directory say, /files/<organizationId>/, on file server like
files
+-- 234809
| +img1.jpg
| +doc1.pdf
+-- 808234
| +doc2.pdf
I am storing file-path and privacy level in DB. So, I can control whether to show link to a file URL to an user -- on a given page.
The problem is, I do not have any control over file's URL... so, if some one types the URL to img1.jpg in his browser's address bar, there is no way to know whether a logged in user is eligible to see img1.jpg.
Any suggestion?
Its a Java application. However, there's a separate instance of Glassfish working as file-server. Since the app is not released yet, so we are open to adopt to a better file access strategy.
The user who are accessing the files may or may not be logged in. But we can always, authenticate a user by redirecting to login page if we know that the file that is being accessed, is a private or shared.
Thanks
Nishant
You pose an interesting question and your understanding of the problem is correct.
Depending on the version of IIS that is serving the content, you may not even have access control if the content was within your vdir.
A typical solution to this type of scenario is to store the files in a directory that is NOT accessible to the internet and use an HttpHandler that IS protected and stream the files out.
There are several ways to go about this, the simplest being an HttpHandler mapped to a nonexistent directory, say /downloads, and parse the filename out of the RequestUri, set the proper content-type and write the file to Response.
In this case, your HttpHandler IS protected enabling you to determine access.
这篇关于通过Web保护文件:基于细粒度授权的文件访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
