Hello,
this is how i upload and download my files.
I cannot help you for the security, i've implemented my own security
management that is completely separated form the Turbine security.
hope this helps.
Greetings
Fabio
Upload:
in a form in the VM:
<tr>
<td align="right" valign="top" bgcolor="#87B4F5"
bordercolor="#ffffff">
<font color="#000000" size=2 face="Verdana">
<strong>
Attach File:
</strong>
</font>
</td>
<td>
<input size=50 TYPE=FILE
NAME="Attach_$AttachItem.intValue()">
</td>
</tr>
in the Java:
//get the file from the form parameter parser
_upload = _formParams.getFileItem("Attach_" + k);
if (_upload != null && _upload.get().length != 0)
{
_attach = new Attachments();
_attach.setTransactionid(_transId);
_attach.setParentid(_masterAttachId);
_attach.setSubject("");
//get the size of the uploaded file
_intFileSize = _upload.getSize();
if (_intFileSize < 1024)
{
_fileSize = Integer.parseInt(String.valueOf(_intFileSize));
_attach.setSize(_fileSize + " b");
}
else
{
_intFileSize = _intFileSize / 1024;
_fileSize = Integer.parseInt(String.valueOf(_intFileSize));
_attach.setSize(_fileSize + " Kb");
}
_st = new StringTokenizer(_upload.getName(), "\\");
while (_st.hasMoreTokens())
{
_fileName = _st.nextToken();
}
_attach.setFilename(_fileName);
//get the content type
_attach.setContenttype(_upload.getContentType());
//get the content of the file. i save this in a BLOB field
on MySQL
_attach.setContent(_upload.get());
_attach.setCreatorid(_user.getId().toString());
_attach.setCreatedtimestamp(Calendar.getInstance().getTime());
_idFactory = new IdFactory();
_newId = _idFactory.getNewId("Attachments");
_attach.setId(_newId);
AttachmentsPeer.doInsert(_attach);
}
Download:
if (!isAuthorized(data))
{
// do something to tell the user they don't have permission
}
else
{
HttpServletResponse resp = data.getResponse();
_formParams = data.getParameters();
_session = data.getSession();
_attachid = _formParams.getString("attachid");
//System.out.println(data.getContextPath());
_criteria = new Criteria();
_criterion1 = null;
_criterion1 = _criteria.getNewCriterion(AttachmentsPeer.ID,
_attachid,
Criteria.EQUAL);
_criteria.add(_criterion1);
_result = AttachmentsPeer.doSelect(_criteria);
_attach = (Attachments) (_result.elementAt(0));
_contentType = _attach.getContenttype() + ";name=" + "\"" +
_attach.getFilename() + "\"";
resp.setContentType(_contentType);
resp.setContentLength(_attach.getContent().length);
//resp.setHeader("Content-Disposition", "attachment;
filename=" + _attach.getFilename() + " ;");
resp.setHeader("Content-Disposition", "inline; filename=\""
+ _attach.getFilename() + "\"");
data.declareDirectResponse();
//data.getResponse().setContentType(_contentType);
ServletOutputStream op = resp.getOutputStream();
op.write(_attach.getContent());
op.close();
}
}
public String getContentType(RunData data)
{
return "";
}
protected boolean isAuthorized(RunData data)
{
// do the security check here. Get whatever info you need
// about the user from RunData
return true;
}
apdas wrote:
>Hi friends,
>
>I am engaged in a team to design a highly customized portal. We need to
>upload html files to the server and persons having the required
>permission can only view it. How do I implement security on uploadad
>files ?
>How do I generate table of contents ?
>
>Can anybody help ?
>
>Regards,
>
>A.P.Das.
>
>--
>To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
>
>
--
Fabio Daprile
W�rth Phoenix srl - GmbH
Via Kravoglstrasse 4
39100 Bolzano / Bozen
Tel. +39 0471 564 111 - (direct 564068)
Fax + 39 0471 564 122
[EMAIL PROTECTED]
http://www.wuerth-phoenix.com
http://www.wuerth.com
Communication, Technology, Office - Medi@ 2002
Besuchen Sie uns auf der Fachmesse Medi@ 2002 (10. - 12. Oktober 2002), Stand 54/A03
auf der Bozner Messe.
Venite a trovarci alla Medi@ 2002 (10. - 12. ottobre 2002) al padiglione 54/A03 presso
la Fiera di Bolzano.
[EMAIL PROTECTED]
===============================================================================
CONFIDENTIALITY NOTICE: E-mail may contain confidential information that is
legally privileged. Do not read this e-mail if you are not the intended
recipient.
This e-mail transmission, and any documents, files or previous e-mail
messages attached to it may contain confidential information that is legally
privileged. If you are not the intended recipient, or a person responsible
for delivering it to the intended recipient, you are hereby notified that any
disclosure, copying, distribution or use of any of the information contained
in or attached to this transmission is STRICTLY PROHIBITED. If you have
received this transmission in error, please immediately notify us by reply
e-mail or by telephone at (+39) 0471-564111, and destroy the original
transmission and its attachments without reading or saving in any manner.
Thank you.
===============================================================================
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
