Hi all, Here is my problem: I have a user which is granted access to some files to download. I want to put all the files downloadable by all the users in a common directory (many users may download the same file), but with the possibility to deny the download to users not identified by my application (I've put a bean in the session scope to identify the user).
I first tried to create an Action class taking the filename of the file to download in parameter, forwarding to the path of my file with a redirect. It works fine for the first requirement, but it fails to deny the download to not identified users, because the file is in a public directory. If I try to put my file directory within WEB-INF, I'm getting the "access deny" message from my servlet container (because of the redirect). Even if my solution does not show the URL to get directly the file (so, nobody should know the URL), it is not a good one because the security relies on that hypothesis... I'd prefer to have a servlet or an action or a jsp which checks the identification of the user, then modifies the HTTP header with the good mime type (but which one? my files could be .exe, pdf and so on...), and include the file. But as far as I tried this, my problem is that my browser give a filename that I don't want (for example I have a download.do?file=myApp.exe and the browser wants to save "download.do" where I wanted it to be "myApp.exe". Hope anybody has a suggestion ;) Thanks !! -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
