You are viewing a plain text version of this content. The canonical link for it is here.

Posted to taglibs-dev@jakarta.apache.org by Abey Mullassery <ab...@mullassery.com> on 2004/04/22 16:17:50 UTC

Accessing protected images/ files

One of the recent feedback about the ImageTaglib was that it does not work when the webapp has a <security-constraint> (declared in the web.xml).
This is because the ImageTag uses "URL"s to fetch image files and not "File"s on the local/ server filesystem. This was done to allow access to any image on any server.

To solve the above mentioned auth problem temporarily, I use the "authorization" request header and set it to the URL of the image.

    protected InputStream getImageStream() throws JspException, IOException {
        URLConnection connection = getUrl(src).openConnection();
        //TODO: Auth only if it is the same server
        String auth = httpRequest.getHeader("Authorization");
        if(auth!=null && auth.length()>0) {
            connection.setRequestProperty("Authorization", auth);
        }
        return connection.getInputStream();
    }


Is there a better way of doing it? How can it support other auth schemes?

Regards,

Abey Mullassery
http://www.mullassery.com

---------------------------------------------------------------------
To unsubscribe, e-mail: taglibs-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: taglibs-dev-help@jakarta.apache.org