There is no guaranteed way to stop someone directly access a gif image via a browser url, because this is how an image is accessed by the browser itself anyways. The browser just makes a HTTP get request to the web-server (in this case tomcat) requesting the URL of the image to be included in the web page.
i.e. in a standard jsp/servlet response to a web request the image request is embedded in a <img src=".../somedir/some-img.gif">. This is going to cause a browser request directory to the directory containing the image, which can also be duplicated in the browser. The only potential method that can catch most (but not all) of these would be to create a separate image handling jsp/servlet, say imageHandler. When imageHanlder servlet recieves an image request it can check the http-referrer header and ensure that the referrer is the url of the page to which the images are supposed to load, i.e. is the page containing the images in /servlet/somepage then the http-referrer that imageHandler see should be able to checked that it is /servlet/somepage. Someone can circumvent this control by the Internet, but just manually setting this header themselves (via a program or the like) and then having access directly to the images You would then have to update all image referrences on the somepage servelt/jsp however to something like <img src="/servlet/imagehandler?gif=somerefernce">. On Mon, 2003-06-09 at 18:32, Syed Nayyer Kamran wrote: > hi there, > > I want to restrict the user to access the images directly through the web. They > should be able to access these images through web pages developed as jsp/servlet but > should not be able to access these images displayed on page by copying the image url > to the address bar. Is tomcat directly support this functionality. or any other > solution. > > Thanks in advance for any solution of the problem. > > > Nayyer Kamran >
