I wouldn't store any user files in context. If you have to store the files on the filesystem you better create some working dir and pass the path to that dir to your application as parameter.
The reason why you shouldn't store anything in context is that you usually deploy *.war file to application server/container and it expands it to its working dir, and your context folder appear under this working dir. When you re-deploy your app, app server may delete this content so you will loose your files. You can serve these files by returning StreamResponse, see example here: http://jumpstart.doublenegative.com.au/jumpstart/examples/navigation/returntypes1 On Fri, Sep 27, 2013 at 5:50 PM, Steve <steves...@gmail.com> wrote: > Hi, > > I have an application which requires a user to upload some files. They are > then saved somewhere. Currently that place is in the context, so for > example: > ${context:/userfiles/}${user.name}/{$id}/${filename} > > I do not think this is the best way to do it, as that means anyone who > knows that URL can go to it and see that file. These files should be > restricted for my application so only a particular user can see them. > > I need to be able to access the files in two ways: > 1- To do some processing on the server side, currently this is done with a > File object which has a full path on the local file system. > 2- To be able to send that content to the user, currently this is done by > using ${context:/}... etc. > > For example, the file may be a PDF. I may need to do something on the > server with that PDF, but I would also like to be able to embed that pdf > which I can currently do like this: > <object width="400" height="500" type="application/pdf" > data="${context:/userFiles}${fileUrlWithinContext}" id="pdf_content"> > <p>The PDF cannot be displayed, please update your browser.</p> > </object> > > If I wish to be able to serve this file, I believe it needs to be within > the context (Or maybe this is where I am wrong, but I can't find how else > to serve files). From there I can also mess with it on the server since I > have the local path to it. However, is there a way to protect these files? > > I assume I am doing something very, very wrong here but I just don't know > exactly what. I'd really appreciate some guidance. > > Thanks, > Steve > -- Dmitry Gusev AnjLab Team http://anjlab.com
