Re: Authentication for streaming file (OT)
Have you tried other browsers than MSIE? If it works for FireFox, then
you've probably hit http://issues.apache.org/bugzilla/show_bug.cgi?id=28750.
Mark Leone [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Slightly off-topic -- Tomcat related
I have a servlet that is invoked by clicking a hyperlink that is rendered
by a JSP running in Tomcat. The servlet receives a file path parameter in
the HTTP request, and then streams that file to the requesting client. I
have a security-constraint/ defined in Tomcat for the JSP, requiring
basic password authentication. However, if I define the
security-constraint/ so that it applies to the servlet also, then the
following error occurs when the servlet attempts to stream the file to the
client.
The browser presents the file info and prompts to save or open the file,
but then when the actual streaming is attempted, the browser reports that
the site is unreachable. This is apparently caused by the lack of any
authentication during the file streaming operation, because when I define
the security-constraint/ so that it applies to the JSP but not the
servlet, the problem does not occur. I don't really understand why it
behaves this way, since the servlet was invoked with proper authorization,
and the problem occurs only when the servlet starts streaming a file to
the client. But it does seem to be an authorization problem, since it goes
away when I don't constrain the servlet for authentication. I can operate
this way, but then my JSP is protected and the servlet is not.
Is there a way to specify authentication parameters during the file
streaming operation? Does anyone have an explanation for what I'm
experiencing? Here's my servlet code:
public class FileSender extends HttpServlet{
protected void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException{
String filename = request.getParameter(file);
File file = new File(filename);
MimetypesFileTypeMap mimeTypes = new MimetypesFileTypeMap
(C:\\Program Files\\Java\\jdk1.5.0_01\\lib\\mime.types);
String mime = mimeTypes.getContentType(file);
response.setContentType(mime);
response.setHeader(Content-Disposition, attachment;
+ filename= + file.getName());
FileInputStream in = new FileInputStream(file);
OutputStream out = response.getOutputStream();
byte[] buf = new byte[1024];
int i = 0;
while((i=in.read(buf))!=-1) {
out.write(buf, 0, i);
}
in.close();
out.close();
}
}
And here's my web.xml. With this configuration, the file downolad fails as
described above. To make it work, I remove the second url-pattern/
element as indicated.
!DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application
2.2//EN
http://java.sun.com/j2ee/dtds/web-app_2_2.dtd;
web-app
display-name
File Port
/display-name
description
Makes files available through the web container
/description
servlet
servlet-nameFilePort/servlet-name
description
Retrieves specified file and sends it to requester
/description
servlet-classFileSnatcher.FileSender/servlet-class
/servlet
servlet-mapping
servlet-nameFilePort/servlet-name
url-pattern/FilePort/url-pattern
/servlet-mapping
!-- Define a Security Constraint on this Application --
security-constraint
web-resource-collection
web-resource-nameFileSnatcher/web-resource-name
url-pattern*.jsp/url-pattern
url-pattern/FilePort/url-pattern !-- remove this to make it
work --
/web-resource-collection
auth-constraint
role-namemanager/role-name
/auth-constraint
/security-constraint
!-- Define the Login Configuration for this Application --
login-config
auth-methodBASIC/auth-method
realm-nameJDBCRealm/realm-name
/login-config
!-- Security roles referenced by this web application --
security-role
description
The role that is required to log in to the Manager Application
/description
role-namemanager/role-name
/security-role
/web-app
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication for streaming file (OT)
Yes, that's exactly my problem. It only fails with HTTPS connections on IE. It works with Firefox (using the built-in download manager or Flashgot) as well as Safari on a Mac. Nice to see, according to a posting in the BZ link you provided, that M$ has decided to label it a feature rather than a bug. I applied the workaround you described in BZ #27122, and it now works properly with all resources of the web app protected by a security-constraint/. Thanks for pointing me to the solution. -Mark Bill Barker wrote: Have you tried other browsers than MSIE? If it works for FireFox, then you've probably hit http://issues.apache.org/bugzilla/show_bug.cgi?id=28750. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Authentication for streaming file (OT)
Slightly off-topic -- Tomcat related
I have a servlet that is invoked by clicking a hyperlink that is
rendered by a JSP running in Tomcat. The servlet receives a file path
parameter in the HTTP request, and then streams that file to the
requesting client. I have a security-constraint/ defined in Tomcat for
the JSP, requiring basic password authentication. However, if I define
the security-constraint/ so that it applies to the servlet also, then
the following error occurs when the servlet attempts to stream the file
to the client.
The browser presents the file info and prompts to save or open the file,
but then when the actual streaming is attempted, the browser reports
that the site is unreachable. This is apparently caused by the lack of
any authentication during the file streaming operation, because when I
define the security-constraint/ so that it applies to the JSP but not
the servlet, the problem does not occur. I don't really understand why
it behaves this way, since the servlet was invoked with proper
authorization, and the problem occurs only when the servlet starts
streaming a file to the client. But it does seem to be an authorization
problem, since it goes away when I don't constrain the servlet for
authentication. I can operate this way, but then my JSP is protected and
the servlet is not.
Is there a way to specify authentication parameters during the file
streaming operation? Does anyone have an explanation for what I'm
experiencing? Here's my servlet code:
public class FileSender extends HttpServlet{
protected void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException{
String filename = request.getParameter(file);
File file = new File(filename);
MimetypesFileTypeMap mimeTypes = new MimetypesFileTypeMap
(C:\\Program Files\\Java\\jdk1.5.0_01\\lib\\mime.types);
String mime = mimeTypes.getContentType(file);
response.setContentType(mime);
response.setHeader(Content-Disposition, attachment;
+ filename= + file.getName());
FileInputStream in = new FileInputStream(file);
OutputStream out = response.getOutputStream();
byte[] buf = new byte[1024];
int i = 0;
while((i=in.read(buf))!=-1) {
out.write(buf, 0, i);
}
in.close();
out.close();
}
}
And here's my web.xml. With this configuration, the file downolad fails
as described above. To make it work, I remove the second url-pattern/
element as indicated.
!DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application
2.2//EN
http://java.sun.com/j2ee/dtds/web-app_2_2.dtd;
web-app
display-name
File Port
/display-name
description
Makes files available through the web container
/description
servlet
servlet-nameFilePort/servlet-name
description
Retrieves specified file and sends it to requester
/description
servlet-classFileSnatcher.FileSender/servlet-class
/servlet
servlet-mapping
servlet-nameFilePort/servlet-name
url-pattern/FilePort/url-pattern
/servlet-mapping
!-- Define a Security Constraint on this Application --
security-constraint
web-resource-collection
web-resource-nameFileSnatcher/web-resource-name
url-pattern*.jsp/url-pattern
url-pattern/FilePort/url-pattern !-- remove this to make it
work --
/web-resource-collection
auth-constraint
role-namemanager/role-name
/auth-constraint
/security-constraint
!-- Define the Login Configuration for this Application --
login-config
auth-methodBASIC/auth-method
realm-nameJDBCRealm/realm-name
/login-config
!-- Security roles referenced by this web application --
security-role
description
The role that is required to log in to the Manager Application
/description
role-namemanager/role-name
/security-role
/web-app
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
