Have you tried other browsers than MSIE? If it works for FireFox, then you've probably hit http://issues.apache.org/bugzilla/show_bug.cgi?id=28750.
"Mark Leone" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Slightly off-topic -- Tomcat related > > I have a servlet that is invoked by clicking a hyperlink that is rendered > by a JSP running in Tomcat. The servlet receives a file path parameter in > the HTTP request, and then streams that file to the requesting client. I > have a <security-constraint/> defined in Tomcat for the JSP, requiring > basic password authentication. However, if I define the > <security-constraint/> so that it applies to the servlet also, then the > following error occurs when the servlet attempts to stream the file to the > client. > > The browser presents the file info and prompts to save or open the file, > but then when the actual streaming is attempted, the browser reports that > the site is unreachable. This is apparently caused by the lack of any > authentication during the file streaming operation, because when I define > the <security-constraint/> so that it applies to the JSP but not the > servlet, the problem does not occur. I don't really understand why it > behaves this way, since the servlet was invoked with proper authorization, > and the problem occurs only when the servlet starts streaming a file to > the client. But it does seem to be an authorization problem, since it goes > away when I don't constrain the servlet for authentication. I can operate > this way, but then my JSP is protected and the servlet is not. > > Is there a way to specify authentication parameters during the file > streaming operation? Does anyone have an explanation for what I'm > experiencing? Here's my servlet code: > > public class FileSender extends HttpServlet{ > > protected void doGet(HttpServletRequest request, > HttpServletResponse response) > throws ServletException, IOException{ > > String filename = request.getParameter("file"); > File file = new File(filename); > > MimetypesFileTypeMap mimeTypes = new MimetypesFileTypeMap > ("C:\\Program Files\\Java\\jdk1.5.0_01\\lib\\mime.types"); > String mime = mimeTypes.getContentType(file); > response.setContentType(mime); > response.setHeader("Content-Disposition", "attachment;" > + "filename=" + file.getName()); > > FileInputStream in = new FileInputStream(file); > OutputStream out = response.getOutputStream(); > byte[] buf = new byte[1024]; > int i = 0; > while((i=in.read(buf))!=-1) { > out.write(buf, 0, i); > } > in.close(); > out.close(); > } > } > > And here's my web.xml. With this configuration, the file downolad fails as > described above. To make it work, I remove the second <url-pattern/> > element as indicated. > > <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application > 2.2//EN" > "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd"> > > <web-app> > > <display-name> > File Port > </display-name> > > <description> > Makes files available through the web container > </description> > > <servlet> > <servlet-name>FilePort</servlet-name> > <description> > Retrieves specified file and sends it to requester > </description> > <servlet-class>FileSnatcher.FileSender</servlet-class> > </servlet> > > <servlet-mapping> > <servlet-name>FilePort</servlet-name> > <url-pattern>/FilePort</url-pattern> > </servlet-mapping> > > <!-- Define a Security Constraint on this Application --> > <security-constraint> > <web-resource-collection> > <web-resource-name>FileSnatcher</web-resource-name> > <url-pattern>*.jsp</url-pattern> > <url-pattern>/FilePort</url-pattern> <!-- remove this to make it > work --> > </web-resource-collection> > <auth-constraint> > <role-name>manager</role-name> > </auth-constraint> > </security-constraint> > > <!-- Define the Login Configuration for this Application --> > <login-config> > <auth-method>BASIC</auth-method> > <realm-name>JDBCRealm</realm-name> > </login-config> > > <!-- Security roles referenced by this web application --> > <security-role> > <description> > The role that is required to log in to the Manager Application > </description> > <role-name>manager</role-name> > </security-role> > > </web-app> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]