Not sure if Catalina.policy will do the trick. -----Original Message----- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: June 9, 2003 9:51 AM To: Tomcat Users List Subject: Re: Urgent : Can we restrict access to a directory in tomcat
Unfortunately, this doesn't always work. In the past, I've had problems with IE not sending the Referer header on some requests.<shrug/> G. Wade Tom Oinn wrote: > > The other way to do it would be to check the referer page, this seems to > be quite a common trick and will confound most people trying to link > directly to your images (which is what I imagine you're trying to > prevent). There may be a more elegant way of doing it, but you could > create a servlet that is mapped to your /images mount point which > inspects the referer field in the request and, assuming it is valid, > returns the appropriate content from a directory outside of your web > application. As all requests would go through the servlet you have > access control. > > Tom > > Shapira, Yoav wrote: > > Howdy, > > That one's tricky (and strange). When you have a servlet or JSP, the > > output the user sees is HTML. In HTML, you have <img> tags. The > > browser will request those images normally in HTTP requests. So from > > the server's perspective, the request is the same whether the user types > > in the image URL or you embed it in one of your pages. > > > > Would something like using a mangled images directory name ($KF_%# or > > something) be sufficient? A name that's hard for users to guess and use > > directly? > > > > Yoav Shapira > > Millennium ChemInformatics > > > > > > > >>-----Original Message----- > >>From: Syed Nayyer Kamran [mailto:[EMAIL PROTECTED] > >>Sent: Monday, June 09, 2003 9:33 PM > >>To: [EMAIL PROTECTED] > >>Subject: Urgent : Can we restrict access to a directory in tomcat > >> > >>hi there, > >> > >>I want to restrict the user to access the images directly through the > > > > web. > > > >>They should be able to access these images through web pages developed > > > > as > > > >>jsp/servlet but should not be able to access these images displayed on > > > > page > > > >>by copying the image url to the address bar. Is tomcat directly support > >>this functionality. or any other solution. > >> > >>Thanks in advance for any solution of the problem. > >> > >> > >>Nayyer Kamran > > > > > > > > > > > > This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
