You are viewing a plain text version of this content. The canonical link for it is here.
Posted to taglibs-dev@jakarta.apache.org by Abey Mullassery <ab...@mullassery.com> on 2004/04/22 16:17:50 UTC
Accessing protected images/ files
One of the recent feedback about the ImageTaglib was that it does not work when the webapp has a <security-constraint> (declared in the web.xml).
This is because the ImageTag uses "URL"s to fetch image files and not "File"s on the local/ server filesystem. This was done to allow access to any image on any server.
To solve the above mentioned auth problem temporarily, I use the "authorization" request header and set it to the URL of the image.
protected InputStream getImageStream() throws JspException, IOException {
URLConnection connection = getUrl(src).openConnection();
//TODO: Auth only if it is the same server
String auth = httpRequest.getHeader("Authorization");
if(auth!=null && auth.length()>0) {
connection.setRequestProperty("Authorization", auth);
}
return connection.getInputStream();
}
Is there a better way of doing it? How can it support other auth schemes?
Regards,
Abey Mullassery
http://www.mullassery.com
---------------------------------------------------------------------
To unsubscribe, e-mail: taglibs-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: taglibs-dev-help@jakarta.apache.org