Hans Bergsten wrote: > > > ...as > > > long as a servlet can open a file directly using a File object and a path > > > returned from SerlvetContext.getRealPath(), including a file servlet in > > > an add-on engine doesn't compromise security more than it already is. > > > > Actually, I tried opening the .html file and just sending the bytes back to the >browser. This didn't work either because the 'environment' (current document >directory, etc.) was not correct. It happens that the .html file I'm trying to open >uses frames. It could not find the frame pages because the environment was still set >to the servlet's environment rather than the .html file's environment. > > You can probably solve that problem by adding a <BASE HREF> tag in the <HEAD> > part of the HTML file, e.g. > > <HEAD> > <BASE HREF=/base/path/for/frame/pages> > </HEAD> > > or use absolute URLs for the frame pages. I just tried use absolute-absolute file names. In other words, if I include the 'http://localhost/path/to/frame.html' for each of my frames, then it works. If I leave out the 'http://localhost', then I get 'unable to find file' error messages for each frame file. Just to recap for everyone what I am trying to do: I am using a servlet to guard some html pages. The servlets checks to see if the user is logged in. Once logged in, I 'send' the user to the requested page. But all three 'send' approaches don't work: forward() doesn't work because static html is not supported. sendRedirect() doesn't work because it changes the URL, which is not what I want to happen. Directly opening the html file and sending the bytes back doesn't work because even though it gets the page, it can't find the frames referenced by the page. (I am sending back a top-level file with the frameset definition. It's the next step where the browser tries to load the frames that fails.) If I defined the frame src in the top-level file using *fully* qualified URL (e.g., http://localhost/path/to/frame.html) then everything works. Otherwise, if I only use src=/path/to/frame.html, it cannot find the files. I have a <BASE> tag in the top-level file as well. Can anyone explain why the frame URLs must have the protocol/hostname prefix (src=http://localhost/path/to/frame.html) and why 'just' absolute paths (src=/path/to/frame.html) don't work? (Not to mention that relative paths don't work either, which is what I started with.) Chris
begin:vcard n:Cobb;Christopher tel;cell:703-909-7550 tel;fax:703-648-7475 tel;work:703-648-6725 x-mozilla-html:TRUE org:Powerhouse Technologies, Inc. adr:;;;;;; version:2.1 email;internet:[EMAIL PROTECTED] title:SW Architect fn:Christopher Cobb end:vcard
