?
Solved

use passworded jsp page to get files

Posted on 2004-04-15
6
Medium Priority
?
250 Views
Last Modified: 2010-04-01
Hey i want to have a jsp page where user can type in a login/password,  the jsp page will then just do a simple if(password="blabla") to check access. Now if the password is correct, the jsp page should allow the user (or just send it to the user?) to download a zip file.  My question is how do i do the part where jsp gets the file.  Can someone provide me with the code.   So basically

1)jsp check password
2) if correct password grab file and send it to user to download
3) the file should be in WEB-INF directory so people cant just type in the url and download it.

thanks!

gaga
0
Comment
Question by:gagaliya
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
6 Comments
 
LVL 92

Expert Comment

by:objects
ID: 10831077
use a download servlet something like:

public class Download extends HttpServlet
{
       public void doGet(HttpServletRequest req ,HttpServletResponse res) throws IOException,ServletException
       {
             doPost(req, res);
       }
       
       public void doPost(HttpServletRequest req ,HttpServletResponse res) throws IOException,ServletException
       {
        res.setContentType("application/octet-stream" + "; name=\"" + filename + "\"");
        res.setHeader("Content-Disposition","attachment; filename=" + filename +";");
        ServletOutputStream outputstream = res.getOutputStream();
        BufferedInputStream inputstream = new BufferedInputStream(new FileInputStream(downloadFile));
               
        int data;

        byte[] buffer = new byte[4096];
        while((data = inputstream.read(buffer))!=-1)
        {
            outputstream.write(buffer, 0, data);
        }
        inputstream.close();
        outputstream.close();
    }
}
0
 
LVL 92

Expert Comment

by:objects
ID: 10831080
you just need to add the file details, plus do the password check.
let me know if you need a hand
0
 
LVL 1

Author Comment

by:gagaliya
ID: 10833425
hey objects,

can you post the jsp version? once again same problem:P i dont have access to the app server so cant deploy new servlets. But jsp can access the WEB-INF directory? because i remember normal html pages is restricted from accessing the WEB-INF directory.  thanks!

gaga
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 92

Expert Comment

by:objects
ID: 10837860
jsp's are meant for returning text ( typically html) and not binary content.
0
 
LVL 92

Accepted Solution

by:
objects earned 1500 total points
ID: 10837870
try something like:

<%@ page import = "java.util.*, java.io.*" %>
<%
        response.setContentType("application/octet-stream" + "; name=\"" + filename + "\"");
        response.setHeader("Content-Disposition","attachment; filename=" + filename +";");
        OutputStream outputstream = response.getOutputStream();
        BufferedInputStream inputstream = new BufferedInputStream(new FileInputStream(downloadFile));
               
        int data;

        byte[] buffer = new byte[4096];
        while((data = inputstream.read(buffer))!=-1)
        {
            outputstream.write(buffer, 0, data);
        }
        inputstream.close();
%>
0
 
LVL 92

Expert Comment

by:objects
ID: 10846665
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question