Maybe I'm missing the point completely, but why not MD5 encode the
path to your image along with a timestamp saying how long this link
should be valid?

I've used this several times, decoding the link in the servlet and
streaming it to the client. You can alternatively have a filter for
URL rewriting. The servlet approach has the advantage of being able to
modify the headers and cache often-needed images (not that you would
need it on a well-configured Linux machine).

Check this out as an example:
http://www.stadtplandienst.de/objects/euro360/index.html

For en/decoding, look for BlowFishJ (for example).

...
> Well all this works, EXCEPT, for the caching part
> (which mozilla does know how to do).
>

You simply can't rely on browser caching behaving. Especially https
caching. Firefox / Galleon cache everything they can get, this is
really ugly, especially if they cache dynamic content with all
headers set (I've seen versions of my site in Galleon which were 3
weeks old even after hitting refresh). However, I'm very glad Explorer
doesn't cache https, caching https could be pretty critical, or do
you want anyone who has access to your workstation to see your bank
account number?

regards
Leon
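
The expiring-link idea suggested above, as an added example that is not part of the original message: it binds the image name and expiry time with HMAC-SHA256 under a server-side key instead of bare MD5, so a client cannot recompute the value for another name or a later expiry. The class name, the parameter names (`img`, `exp`, `sig`) and the demo key are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

/** Added example (hypothetical names): expiring, tamper-evident image links. */
public class SignedImageLink {
    private final SecretKeySpec key;

    public SignedImageLink(byte[] secret) {
        this.key = new SecretKeySpec(secret, "HmacSHA256");
    }

    // The MAC covers both the expiry and the image name, so neither can be changed alone.
    private String mac(String name, long expires) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(key);
        byte[] tag = m.doFinal((expires + "\n" + name).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    /** Query string the page template appends to the image servlet URL. */
    public String sign(String name, long expires) throws Exception {
        return "img=" + URLEncoder.encode(name, "UTF-8") + "&exp=" + expires + "&sig=" + mac(name, expires);
    }

    /** Servlet-side check on the decoded request parameters; now is in epoch seconds. */
    public boolean verify(String name, String exp, String sig, long now) throws Exception {
        if (name == null || exp == null || sig == null) return false;
        long expires;
        try { expires = Long.parseLong(exp); } catch (NumberFormatException e) { return false; }
        if (now > expires) return false;                       // link has expired
        byte[] expected = mac(name, expires).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, sig.getBytes(StandardCharsets.US_ASCII)); // constant-time
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key; a real key would come from server-side configuration.
        SignedImageLink links = new SignedImageLink("demo-key-constructed".getBytes(StandardCharsets.UTF_8));
        long now = System.currentTimeMillis() / 1000;
        String exp = String.valueOf(now + 300);
        String query = links.sign("imagename.jpg", now + 300);
        String sig = query.substring(query.indexOf("&sig=") + 5);
        System.out.println(query);
        System.out.println("valid:    " + links.verify("imagename.jpg", exp, sig, now));
        System.out.println("renamed:  " + links.verify("other.jpg", exp, sig, now));
        System.out.println("extended: " + links.verify("imagename.jpg", String.valueOf(now + 9999), sig, now));
        System.out.println("expired:  " + links.verify("imagename.jpg", exp, sig, now + 301));
    }
}
```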




On 10/27/05, Maurice Yarrow <[EMAIL PROTECTED]> wrote:
> Hello Charles
>
> Caldarale, Charles R wrote:
>  > "Why wasn't Tomcat's default servlet sufficient?"
>
> Glad you asked this question!
> My needs are different than those of the
> author to whom you responded, but it would seem
> that this is an appropriate time for me to explain
> my goal and why I have tried numerous different
> mechanisms for serving static content either
> with my own servlet or by hacking DefaultServlet.
> And most important, why all these experiments
> failed to give the results I require.
>
> First: the requirement:
> The client sends a request for a static page
> (in particular, an image).  As is usually the
> case, if this will be served by DefaultServlet,
> it is possible for anyone to take the request
> URL they see in their html source and just
> cut-and-paste it into the URL line, since this
> has to map into an actual disk location in some
> sense.  I do NOT want this to be possible.
> What I require:
> The client sends a request that has the image
> name, but no other information.  First, my app
> servlet will authenticate the request via session-
> tracking/session-object.  Then the request getPathInfo()
> will be massaged/modified to include the complete
> location of the image.  Next, the request will be
> forwarded to DefaultServlet to be served under https.
> And finally, Internet Explorer should know to cache
> this image and reuse when the request is made again
> (assuming image is unmodified, of course).
> Well all this works, EXCEPT, for the caching part
> (which mozilla does know how to do).
>
> Note that when DefaultServlet sends an image under
> https but via the usual mechanism, say
> "https://www.myDomain.net/images/imagename.jpg"
>
> this will cache in IE.
>
> Well, so things I can't permit: use of sendRedirect()
> since it puts the URL in the URL bar in the browser.
>
> Things that I have tried:  writing my own downloader
> servlet, including all the getLastModifiedDate()
> override method, setHeader(..."public"...), etc., etc.,
> all of it basically copied from
> DefaultServlet.   I have also tried taking the
> DefaultServlet code and making it into one of my
> own servlets, but it still will not induce IE to
> cache under https.  (And this version had only
> the most minimal changes to the DefaultServlet code.)
> I have tried a filter and <filter-mapping> to map
> the servlet-name to
>
>   <servlet-name>default</servlet-name>
>
> (I guess I did not yet try <servlet-name>/*</servlet-name> )
>
> Hassan Shroeder just posted a suggestion that I try
> the http://tuckey.org/urlrewrite/ module, and I am
> looking into that.
>
> Anyhow, I'll keep trying different ideas until something
> works.  I'm nearly masochistically persistent...
>
> But any suggestions would be greatly appreciated!
>
> Maurice Yarrow
>
>
>
> Caldarale, Charles R wrote:
> >>From: John Laughton [mailto:[EMAIL PROTECTED]
> >>Subject: Re: static server implementation?
> >>
> >>I ended up creating a second context in tomcat that allows
> >>access to the static content (i.e. large jpegs)
> >
> >
> > I'm confused.  Why wasn't Tomcat's default servlet sufficient?  Its
> > sole purpose is to deliver static content.
> >
> >  - Chuck
> >
> >
> > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> > MATERIAL and is thus for use only by the intended recipient. If you
> > received this in error, please contact the sender and delete the e-mail
> > and its attachments from all computers.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
