Hi Maurice,
I understand what you're saying. I guess I'm not asking my question well. Let
me try again. The goal is to have the user click a button that downloads a PDF
file and displays it in a browser window such that the file is derived from a
non-public server directory (such as WEB-INF) and can therefore only be
retrieved from the Flex-based web app.
I can see from the servlet code below that the PDF file is returned in variable
resp. If I use Eugene's approach, the file gets saved in the user's chosen
directory. Thus, the user has no knowledge of where the file is located on the
server, and there's no way for the user to share a link with a non-user to
retrieve the file (although, of course, the user can always just e-mail the
file itself to a non-user; not much I can do about that). That is one working
process, but requires a business process allowing the Flex web app to access a
client directory, which I'm not permitted to do.
Alternatively, if I use the navigateToURL(new URLRequest(...)) approach, I was
thinking that somehow the PDF file was still downloaded, and stored in a
variable, and I was wondering how that variable gets used for the first
parameter in URLRequest().
Otherwise, if I simply use the servlet URL for that first parameter in
URLRequest(), couldn't someone use that same servlet URL outside of the web app
by entering it in a browser window any accomplish the same thing? If so, then
I'd need to do what you first proposed by having the servlet figure out if the
user that originally submitted the download request was currently logged in,
etc. I do have a timestamp when the user logs in, but not when he/she logs out
(since he/she could just close the browser window and I'd no knowledge of it,
etc.). So, I'd prefer not to go down that route. But if there was a way to
simply download the file to a variable (e.g. to cache memory) then open it
(even if the user must first be asked if he/she wants to open it as a second
step in the process, to get around any Flex security limitations, etc.), this
would seem cleaner. Perhaps that's not possible though.
----- Original Message -----
From: "Maurice Amsellem" <[email protected]>
To: [email protected]
Sent: Sunday, April 6, 2014 2:10:52 PM
Subject: RE: access PDF doc from inside Flex app but not outside?
The principle for FileReference.download() and navigateToUrl() are the same:
You call some URL that return some content.
In the case of download(), the returned content will be saved to some file
In the case of navigateToUrl() it will be displayed in the browser window
indicated in the second argument ( _blank, _self, etc...).
The "download" is implicit when you access to the url, it does not necessarily
mean there is a physical file behind.
The browser of the web app DOES NOT KNOW if it's a static file behind, or a
servlet that dynamically generates a PDF.
It could even be a dynamic PDF file generated on-the-fly when you access the
URL.
(this is for example what happens when you download your PDF phone or internet
bill from your ISP).
Make sure to set properly the contentType in your servlet, so that it's
recognized properly, that's all.
Is that clear enough ?
Maurice
-----Message d'origine-----
De : [email protected] [mailto:[email protected]]
Envoyé : dimanche 6 avril 2014 22:42
À : [email protected]
Objet : Re: access PDF doc from inside Flex app but not outside?
Hi Maurice, Yes I use Java middle tier, so Java servlet's are fine and can
access files in WEB-INF directory. I'm guess I'm still missing how to download
the file in the background and open it. Basically, how to execute this...
The PDF is then download and displayed directly in the browser, when
you access the link
The following command
_downloadFileRef.download(req,attachment.filename);
will open a window for the user to select a directory to download the file. But
I shouldn't do that, since I just want the file to be in cache, so what would I
use instead? That is, if I use navigateToURL( new URLRequest( ... ) ), then
what is the variable inside URLRequest(), and where does it come from?
----- Original Message -----
From: "Maurice Amsellem" <[email protected]>
To: [email protected]
Sent: Sunday, April 6, 2014 1:09:27 PM
Subject: RE: access PDF doc from inside Flex app but not outside?
Ok, so you are talking about the flex app itself.
But here, there is no need to write anything on the browser's side, so it's not
an issue.
I am assuming the flex app is served by a web app server of any kind.
I need to know how is your app architected on the server's side:
Is it a static web app (which I doubt) or a dynamic web app (php, JEE)
http://en.wikipedia.org/wiki/Application_server#Java_application_servers
If it's a JEE, then you can write servlets, and the web app server will be
allowed to read in the WEB-INF directory, so that's where you will store your
PDFs (in some sub-directory actually).
The PDF is then download and displayed directly in the browser, when you access
the link , and not saved to disk until users asks to save it.
Does this make sense to you ?
Maurice
-----Message d'origine-----
De : [email protected] [mailto:[email protected]] Envoyé : dimanche 6
avril 2014 21:31 À : [email protected] Objet : Re: access PDF doc from
inside Flex app but not outside?
Hi Maurice, it's a Flex app running in a Flash Player inside a browser. Desktop
only (not mobile). I should clarify that technically the Flex app may be able
to access the user's directories (at least from the discussion below that the
Flex technologies permits this) but my business logic says the app is not
allowed to access to a client's directories, networked printers, etc., so that
customers can feel more secure about using the application. So I can only work
with cache memory on the client's machine.
----- Original Message -----
From: "Maurice Amsellem" <[email protected]>
To: [email protected]
Sent: Sunday, April 6, 2014 11:58:26 AM
Subject: RE: access PDF doc from inside Flex app but not outside?
Sorry Eugene, the question was for modjklist, as he was the one that said " My app
isn't permitted to access a user's directory".
I wasn't sure whether he was talking about the flex app running in the browser
not being permitted to access local user directory, or the web app server (ie.
with servlets, etc) .
Maurice
-----Message d'origine-----
De : Eugene Ramirez [mailto:[email protected]] Envoyé : dimanche 6 avril
2014 20:35 À : [email protected] Objet : Re: access PDF doc from inside
Flex app but not outside?
It's a Flex app that runs using the Flash player inside a browser. When I
created the Flex app the application type was set to Web. So it would be a Flex
web app. Correct?
On Sun, Apr 6, 2014 at 11:19 AM, Maurice Amsellem <
[email protected]> wrote:
My app isn't permitted to access a user's directory
Do you mean the Flex app or the web app?
Maurice
-----Message d'origine-----
De : [email protected] [mailto:[email protected]] Envoyé :
dimanche 6 avril 2014 19:40 À : [email protected] Objet : Re:
access PDF doc from inside Flex app but not outside?
Thanks for the info Eugene and Maurice, My app isn't permitted to
access a user's directory. Can I simply download to cache memory, then
load it into browser from there? User can then save to his/her hard
drive from the browser if needed. If so, would the command be:
navigateToURL(new URLRequest( _downloadFileRef ));
----- Original Message -----
From: "Eugene Ramirez" <[email protected]>
To: [email protected]
Sent: Sunday, April 6, 2014 10:29:16 AM
Subject: Re: access PDF doc from inside Flex app but not outside?
navigateToURL will open in a new browser. The code I provided is for
downloading a file to directory that the user specifies. So what you
want to use navigateToURL as Maurice stated.
On Sun, Apr 6, 2014 at 8:43 AM, Maurice Amsellem <
[email protected]> wrote:
If you want to open the PDF in a new window, you can use an
alternate
way:
- create an URLRequest same way,
- then navigate to the url using navigateToURL( urlRequest,
"_blank");
See:
http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/f
la
sh/net/package.html#navigateToURL()
-----Message d'origine-----
De : [email protected] [mailto:[email protected]] Envoyé :
dimanche 6 avril 2014 16:46 À : [email protected] Objet : Re:
access PDF doc from inside Flex app but not outside?
Thanks so much Eugene,
The front end user never sees the actual filename of my file or
where on
my server it is stored.
Can you describe what the user does see in the client? That is, how
does he/she open the downloaded PDF file? Does the user need to go
to the Downloads folder to locate the file, then open it? Or, is
there another statement, perhaps in the function
downloadFileRef_complete, that opens the downloaded PDF file in a
new browser window (if so, what's the command and what shows in the
URL of that window)? It would help to see what's in
downloadFileRef_complete, and
downloadFileRef_progress (if possible).
----- Original Message -----
From: "Eugene Ramirez" <[email protected]>
To: [email protected]
Sent: Saturday, April 5, 2014 5:44:47 PM
Subject: Re: access PDF doc from inside Flex app but not outside?
One more thing. The front end user sees a nice filename associated
to some id. On the server this id has a record that has the actual
disk filename that I'm going to retrieve. The front end user never
sees the actual filename of my file or where on my server it is stored.
So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY
On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez
<[email protected]
wrote:
I have files stored on the server which can either be inside a
database or some other file the servlet has access but not under
the public_html directory and while I'm using JBOSS the servlet is
the one that returns the file the user has requested.
The piece of code the servlet executes is:
//find out the filename using some logic and checking if the user
has access rights //once I have it I execute the following code:
File file=new File(filename);
if (file.exists()){
resp.setContentType("application/x-download");
resp.setHeader("Content-Disposition", "attachment; filename=" +
clientFilenameToBeSavedAs); returnFile(filename,
resp.getOutputStream()); }else{ //System.out.println("file DOES
NOT exist:" + filename); //error handling goes here }
returnFile method
public static void returnFile(String filename, OutputStream out)
throws FileNotFoundException, IOException { InputStream in = null;
try { in = new BufferedInputStream(new FileInputStream(filename));
byte[] buf = new byte[4 * 1024]; // 4K buffer int bytesRead; while
((bytesRead = in.read(buf)) != -1) { out.write(buf, 0, bytesRead);
} } finally { if (in != null) in.close(); } }
My FLEX code that will call the servlet method:
private function startDownloadingFile(attachment:Attachment):void{
if (_downloadFileRef==null) _downloadFileRef=new FileReference();
var req:URLRequest=new URLRequest(SERVER_URL); var
variables:URLVariables=new URLVariables();
variables.command=DOWNLOAD_ATTACHMENT;
variables.attachmentId=attachment.id;
variables.sessionId=Params.getInstance().get("sessionId");
req.data=variables;
_downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
downloadFileRef_progress);
_downloadFileRef.addEventListener(Event.COMPLETE,
downloadFileRef_complete);
_downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_can
ce
l)
;
try{
mx.managers.CursorManager.setBusyCursor();
_downloadFileRef.download(req,attachment.filename);
}catch(error:Error){
mx.managers.CursorManager.removeBusyCursor();
Alert.show("unable to download file","Error downloading file"); }
}
Note: My user has already been authenticated by the server and has
a sessionId that is unique to the user. On the server I have this
sessionId stored with a reference to the user. Anytime someone
wants to download a file I check the sessionId and see if its:
1) Valid
2) The filename the user is trying to download has access to
download the file
The servlet goes and gets the file that is not in a public
directory and sends it over.
Others might have a different method of doing this but this works
for
me.
Hopefully this helps.
Ruben
On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
[email protected]> wrote:
how does the servlet open the PDF in a new (client) browser
window
It's not the servlet, it's the flex app that is responsible of
opening the new window.
The servlet will simply read the bytes of the PDF file and write
them to the output stream, as if it was a static file (that what
the http server does actually)
And when it does open the PDF in a new browser window, wouldn't
the
full URL including token be shown in the browser (if so, someone
could copy this URL and e-mail to someone else to open it)?
The "security token" would be valid for the current user session only.
You could for example use the jsessionid as a key (or something
similar).
So if someone else that is not logged tries the same url, it will
not work.
Maurice
-----Message d'origine-----
De : [email protected] [mailto:[email protected]] Envoyé :
samedi 5 avril 2014 00:23 À : [email protected] Objet : Re:
access PDF doc from inside Flex app but not outside?
I call a few Java servlets in my app using HTTPService(),
although my app is not contained in a JEE Web App as far as I know.
Let me see if I follow... the servlet is called from within Flex
using a specific URL. I can append some text representing a
"security token" on that URL, which the servlet validates then ...
hmm, how does the servlet open the PDF in a new (client) browser
window (maybe you can refer me to a specific command I can
research to figure that
out)?
And when it does open the PDF in a new browser window, wouldn't
the full URL including token be shown in the browser (if so,
someone could copy this URL and e-mail to someone else to open it)?
----- Original Message -----
From: "Maurice Amsellem" <[email protected]>
To: [email protected]
Sent: Friday, April 4, 2014 3:05:50 PM
Subject: RE: access PDF doc from inside Flex app but not outside?
Then the PDF files would be stored in the private area of the
web-app (under WEB-INF) , so they can't be accessed directly.
There are probably variants of this, but I think you get the idea.
-----Message d'origine-----
De : Maurice Amsellem [mailto:[email protected]]
Envoyé : samedi 5 avril 2014 00:04 À : [email protected]
Objet
: RE: access PDF doc from inside Flex app but not outside?
If your app is contained in a JEE Web App, you could probably
write a servlet to download the PDF securely, using a "security
token" or
something.
The Flex App would simply request the servlet through its url to
get the PDF, and pass it the security token.
Makes sense ?
Maurice
-----Message d'origine-----
De : [email protected] [mailto:[email protected]] Envoyé :
vendredi 4 avril 2014 23:45 À : apache flex users Objet : access
PDF doc from inside Flex app but not outside?
I have a desktop Flex app that users register and login. I need
to provide these users access to technical documents in PDF format.
However, I don't want to put these docs in my server's
public_html directory because then any visitor can potentially
view them. Is there any way for the Flex app to open these PDF
files in a new browser window, while preventing their access by website
visitors?
That is, the files can only be opened when logged into the app,
and not by copying and pasting a link in an email that goes to
someone else
for them to open in any browser.
I understand the user can simply download the PDF file and e-mail
it if he/she really wants to (I'm just trying to make it a little
more
difficult).
I was thinking maybe there was a way to place the PDF files
somewhere in the Java application server since only Flex has
access there (a firewall blocks website visitors). Thought maybe
someone ran into this before and could help me see what's possible.
