I'm running the application in the browser so there are limitations imposed by the browser as to what you can do. One of the limitations I believe is that you can't automatically save and open files without user interaction. So for saving a file there has to be user interaction so you have to use FileReference. If it was an AIR app then the limitations would not exist. You can use navigateToURL to open the file in a new browser.
The downalodFileRef_complete just alerts the user that the file has completed downloading and removes the progress bar that I have. The downloadFileRef_progress has one line: progressBar.visible = true; Here's an example using navigateToURL that I use. I did strip some extra variables that I send. A servlet processes it. var variables:URLVariables=new URLVariables(); variables.command="GET_PDF"; variables.pdfId=id; var urlReq:URLRequest=new URLRequest(getLprUrl()); urlReq.method=URLRequestMethod.POST; urlReq.data=variables; flash.net.navigateToURL(urlReq,navigateToURL); On Sun, Apr 6, 2014 at 7:45 AM, <[email protected]> wrote: > Thanks so much Eugene, > > >The front end user never sees the actual filename of my file or where on > my server it is stored. > > Can you describe what the user does see in the client? That is, how does > he/she open the downloaded PDF file? Does the user need to go to the > Downloads folder to locate the file, then open it? Or, is there another > statement, perhaps in the function downloadFileRef_complete, that opens the > downloaded PDF file in a new browser window (if so, what's the command and > what shows in the URL of that window)? It would help to see what's in > downloadFileRef_complete, and downloadFileRef_progress (if possible). > > ----- Original Message ----- > > From: "Eugene Ramirez" <[email protected]> > To: [email protected] > Sent: Saturday, April 5, 2014 5:44:47 PM > Subject: Re: access PDF doc from inside Flex app but not outside? > > One more thing. The front end user sees a nice filename associated to some > id. On the server this id has a record that has the actual disk filename > that I'm going to retrieve. The front end user never sees the actual > filename of my file or where on my server it is stored. > > So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY > > On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez <[email protected] > >wrote: > > > I have files stored on the server which can either be inside a database > or > > some other file the servlet has access but not under the public_html > > directory and while I'm using JBOSS the servlet is the one that returns > the > > file the user has requested. > > > > The piece of code the servlet executes is: > > > > //find out the filename using some logic and checking if the user has > > access rights > > //once I have it I execute the following code: > > > > File file=new File(filename); > > if (file.exists()){ > > resp.setContentType("application/x-download"); > > resp.setHeader("Content-Disposition", "attachment; filename=" + > > clientFilenameToBeSavedAs); > > returnFile(filename, resp.getOutputStream()); > > }else{ > > //System.out.println("file DOES NOT exist:" + filename); > > //error handling goes here > > } > > > > > > > > > > returnFile method > > > > public static void returnFile(String filename, OutputStream out) > > throws FileNotFoundException, IOException { > > InputStream in = null; > > try { > > in = new BufferedInputStream(new FileInputStream(filename)); > > byte[] buf = new byte[4 * 1024]; // 4K buffer > > int bytesRead; > > while ((bytesRead = in.read(buf)) != -1) { > > out.write(buf, 0, bytesRead); > > } > > } finally { > > if (in != null) in.close(); > > } > > } > > > > > > > > My FLEX code that will call the servlet method: > > > > > > private function startDownloadingFile(attachment:Attachment):void{ > > if (_downloadFileRef==null) _downloadFileRef=new FileReference(); > > var req:URLRequest=new URLRequest(SERVER_URL); > > var variables:URLVariables=new URLVariables(); > > variables.command=DOWNLOAD_ATTACHMENT; > > variables.attachmentId=attachment.id; > > variables.sessionId=Params.getInstance().get("sessionId"); > > req.data=variables; > > _downloadFileRef.addEventListener(ProgressEvent.PROGRESS, > > downloadFileRef_progress); > > _downloadFileRef.addEventListener(Event.COMPLETE, > > downloadFileRef_complete); > > _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_cancel); > > try{ > > mx.managers.CursorManager.setBusyCursor(); > > _downloadFileRef.download(req,attachment.filename); > > }catch(error:Error){ > > mx.managers.CursorManager.removeBusyCursor(); > > Alert.show("unable to download file","Error downloading file"); > > } > > } > > > > > > Note: My user has already been authenticated by the server and has a > > sessionId that is unique to the user. On the server I have this sessionId > > stored with a reference to the user. Anytime someone wants to download a > > file I check the sessionId and see if its: > > 1) Valid > > 2) The filename the user is trying to download has access to download the > > file > > > > The servlet goes and gets the file that is not in a public directory and > > sends it over. > > > > Others might have a different method of doing this but this works for me. > > > > Hopefully this helps. > > Ruben > > > > > > > > On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem < > > [email protected]> wrote: > > > >> >how does the servlet open the PDF in a new (client) browser window > >> It's not the servlet, it's the flex app that is responsible of opening > >> the new window. > >> The servlet will simply read the bytes of the PDF file and write them to > >> the output stream, as if it was a static file (that what the http server > >> does actually) > >> > >> > And when it does open the PDF in a new browser window, wouldn't the > >> full URL including token be shown in the browser (if so, someone could > copy > >> this URL and e-mail to someone else to open it)? > >> The "security token" would be valid for the current user session only. > >> You could for example use the jsessionid as a key (or something > similar). > >> So if someone else that is not logged tries the same url, it will not > >> work. > >> > >> Maurice > >> > >> -----Message d'origine----- > >> De : [email protected] [mailto:[email protected]] > >> Envoyé : samedi 5 avril 2014 00:23 > >> À : [email protected] > >> Objet : Re: access PDF doc from inside Flex app but not outside? > >> > >> I call a few Java servlets in my app using HTTPService(), although my > app > >> is not contained in a JEE Web App as far as I know. > >> > >> Let me see if I follow... the servlet is called from within Flex using a > >> specific URL. I can append some text representing a "security token" on > >> that URL, which the servlet validates then ... hmm, how does the servlet > >> open the PDF in a new (client) browser window (maybe you can refer me > to a > >> specific command I can research to figure that out)? > >> > >> And when it does open the PDF in a new browser window, wouldn't the full > >> URL including token be shown in the browser (if so, someone could copy > this > >> URL and e-mail to someone else to open it)? > >> > >> > >> ----- Original Message ----- > >> > >> From: "Maurice Amsellem" <[email protected]> > >> To: [email protected] > >> Sent: Friday, April 4, 2014 3:05:50 PM > >> Subject: RE: access PDF doc from inside Flex app but not outside? > >> > >> Then the PDF files would be stored in the private area of the web-app > >> (under WEB-INF) , so they can't be accessed directly. > >> > >> There are probably variants of this, but I think you get the idea. > >> > >> -----Message d'origine----- > >> De : Maurice Amsellem [mailto:[email protected]] > >> Envoyé : samedi 5 avril 2014 00:04 > >> À : [email protected] > >> Objet : RE: access PDF doc from inside Flex app but not outside? > >> > >> If your app is contained in a JEE Web App, you could probably write a > >> servlet to download the PDF securely, using a "security token" or > something. > >> The Flex App would simply request the servlet through its url to get the > >> PDF, and pass it the security token. > >> > >> Makes sense ? > >> > >> Maurice > >> > >> -----Message d'origine----- > >> De : [email protected] [mailto:[email protected]] Envoyé : > >> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access PDF doc > >> from inside Flex app but not outside? > >> > >> I have a desktop Flex app that users register and login. I need to > >> provide these users access to technical documents in PDF format. > However, I > >> don't want to put these docs in my server's public_html directory > because > >> then any visitor can potentially view them. Is there any way for the > Flex > >> app to open these PDF files in a new browser window, while preventing > their > >> access by website visitors? That is, the files can only be opened when > >> logged into the app, and not by copying and pasting a link in an email > that > >> goes to someone else for them to open in any browser. > >> > >> I understand the user can simply download the PDF file and e-mail it if > >> he/she really wants to (I'm just trying to make it a little more > difficult). > >> > >> I was thinking maybe there was a way to place the PDF files somewhere in > >> the Java application server since only Flex has access there (a firewall > >> blocks website visitors). Thought maybe someone ran into this before and > >> could help me see what's possible. > >> > >> > > > >
