You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@flex.apache.org by mo...@comcast.net on 2014/04/04 23:44:54 UTC
access PDF doc from inside Flex app but not outside?
I have a desktop Flex app that users register and login. I need to provide these users access to technical documents in PDF format. However, I don't want to put these docs in my server's public_html directory because then any visitor can potentially view them. Is there any way for the Flex app to open these PDF files in a new browser window, while preventing their access by website visitors? That is, the files can only be opened when logged into the app, and not by copying and pasting a link in an email that goes to someone else for them to open in any browser.
I understand the user can simply download the PDF file and e-mail it if he/she really wants to (I'm just trying to make it a little more difficult).
I was thinking maybe there was a way to place the PDF files somewhere in the Java application server since only Flex has access there (a firewall blocks website visitors). Thought maybe someone ran into this before and could help me see what's possible.
Re: access PDF doc from inside Flex app but not outside?
Posted by Vincent Sotto <ds...@gmail.com>.
i tried flexpaper but you need to convert the document into swf using
swftools,
flexiframe is the easiest, no conversion to swf, works with pdf embedded on
html.
flexiframe works on simple javascripts and html4 tags
On Sun, Apr 6, 2014 at 4:22 PM, Maurice Amsellem <
maurice.amsellem@systar.com> wrote:
> Excellent Eugene, that's pretty much what I had in mind, although not as
> accurate.
> Thanks for providing the code.
>
> Maurice
>
> -----Message d'origine-----
> De : Eugene Ramirez [mailto:ramirez.eugene@gmail.com]
> Envoyé : dimanche 6 avril 2014 02:26
> À : users@flex.apache.org
> Objet : Re: access PDF doc from inside Flex app but not outside?
>
> I have files stored on the server which can either be inside a database or
> some other file the servlet has access but not under the public_html
> directory and while I'm using JBOSS the servlet is the one that returns the
> file the user has requested.
>
> The piece of code the servlet executes is:
>
> //find out the filename using some logic and checking if the user has
> access rights //once I have it I execute the following code:
>
> File file=new File(filename);
> if (file.exists()){
> resp.setContentType("application/x-download");
> resp.setHeader("Content-Disposition", "attachment; filename=" +
> clientFilenameToBeSavedAs); returnFile(filename, resp.getOutputStream());
> }else{ //System.out.println("file DOES NOT exist:" + filename);
> //error handling goes here }
>
>
>
>
> returnFile method
>
> public static void returnFile(String filename, OutputStream out) throws
> FileNotFoundException, IOException { InputStream in = null; try { in = new
> BufferedInputStream(new FileInputStream(filename)); byte[] buf = new byte[4
> * 1024]; // 4K buffer int bytesRead; while ((bytesRead = in.read(buf)) !=
> -1) { out.write(buf, 0, bytesRead); } } finally { if (in != null)
> in.close(); } }
>
>
>
> My FLEX code that will call the servlet method:
>
>
> private function startDownloadingFile(attachment:Attachment):void{
> if (_downloadFileRef==null) _downloadFileRef=new FileReference(); var
> req:URLRequest=new URLRequest(SERVER_URL); var variables:URLVariables=new
> URLVariables(); variables.command=DOWNLOAD_ATTACHMENT;
> variables.attachmentId=attachment.id;
> variables.sessionId=Params.getInstance().get("sessionId");
> req.data=variables;
> _downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
> downloadFileRef_progress);
> _downloadFileRef.addEventListener(Event.COMPLETE,
> downloadFileRef_complete);
> _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_cancel);
> try{
> mx.managers.CursorManager.setBusyCursor();
> _downloadFileRef.download(req,attachment.filename);
> }catch(error:Error){
> mx.managers.CursorManager.removeBusyCursor();
> Alert.show("unable to download file","Error downloading file"); } }
>
>
> Note: My user has already been authenticated by the server and has a
> sessionId that is unique to the user. On the server I have this sessionId
> stored with a reference to the user. Anytime someone wants to download a
> file I check the sessionId and see if its:
> 1) Valid
> 2) The filename the user is trying to download has access to download the
> file
>
> The servlet goes and gets the file that is not in a public directory and
> sends it over.
>
> Others might have a different method of doing this but this works for me.
>
> Hopefully this helps.
> Ruben
>
>
>
> On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
> maurice.amsellem@systar.com> wrote:
>
> > >how does the servlet open the PDF in a new (client) browser window
> > It's not the servlet, it's the flex app that is responsible of opening
> > the new window.
> > The servlet will simply read the bytes of the PDF file and write them
> > to the output stream, as if it was a static file (that what the http
> > server does actually)
> >
> > > And when it does open the PDF in a new browser window, wouldn't the
> > > full
> > URL including token be shown in the browser (if so, someone could copy
> > this URL and e-mail to someone else to open it)?
> > The "security token" would be valid for the current user session only.
> > You could for example use the jsessionid as a key (or something similar).
> > So if someone else that is not logged tries the same url, it will not
> work.
> >
> > Maurice
> >
> > -----Message d'origine-----
> > De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > samedi 5 avril 2014 00:23 À : users@flex.apache.org Objet : Re: access
> > PDF doc from inside Flex app but not outside?
> >
> > I call a few Java servlets in my app using HTTPService(), although my
> > app is not contained in a JEE Web App as far as I know.
> >
> > Let me see if I follow... the servlet is called from within Flex using
> > a specific URL. I can append some text representing a "security token"
> > on that URL, which the servlet validates then ... hmm, how does the
> > servlet open the PDF in a new (client) browser window (maybe you can
> > refer me to a specific command I can research to figure that out)?
> >
> > And when it does open the PDF in a new browser window, wouldn't the
> > full URL including token be shown in the browser (if so, someone could
> > copy this URL and e-mail to someone else to open it)?
> >
> >
> > ----- Original Message -----
> >
> > From: "Maurice Amsellem" <ma...@systar.com>
> > To: users@flex.apache.org
> > Sent: Friday, April 4, 2014 3:05:50 PM
> > Subject: RE: access PDF doc from inside Flex app but not outside?
> >
> > Then the PDF files would be stored in the private area of the web-app
> > (under WEB-INF) , so they can't be accessed directly.
> >
> > There are probably variants of this, but I think you get the idea.
> >
> > -----Message d'origine-----
> > De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
> > Envoyé : samedi 5 avril 2014 00:04
> > À : users@flex.apache.org
> > Objet : RE: access PDF doc from inside Flex app but not outside?
> >
> > If your app is contained in a JEE Web App, you could probably write a
> > servlet to download the PDF securely, using a "security token" or
> something.
> > The Flex App would simply request the servlet through its url to get
> > the PDF, and pass it the security token.
> >
> > Makes sense ?
> >
> > Maurice
> >
> > -----Message d'origine-----
> > De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > vendredi 4 avril 2014 23:45 À : apache flex users Objet : access PDF
> > doc from inside Flex app but not outside?
> >
> > I have a desktop Flex app that users register and login. I need to
> > provide these users access to technical documents in PDF format.
> > However, I don't want to put these docs in my server's public_html
> > directory because then any visitor can potentially view them. Is there
> > any way for the Flex app to open these PDF files in a new browser
> > window, while preventing their access by website visitors? That is,
> > the files can only be opened when logged into the app, and not by
> > copying and pasting a link in an email that goes to someone else for
> them to open in any browser.
> >
> > I understand the user can simply download the PDF file and e-mail it
> > if he/she really wants to (I'm just trying to make it a little more
> difficult).
> >
> > I was thinking maybe there was a way to place the PDF files somewhere
> > in the Java application server since only Flex has access there (a
> > firewall blocks website visitors). Thought maybe someone ran into this
> > before and could help me see what's possible.
> >
> >
>
RE: access PDF doc from inside Flex app but not outside?
Posted by Maurice Amsellem <ma...@systar.com>.
Excellent Eugene, that's pretty much what I had in mind, although not as accurate.
Thanks for providing the code.
Maurice
-----Message d'origine-----
De : Eugene Ramirez [mailto:ramirez.eugene@gmail.com]
Envoyé : dimanche 6 avril 2014 02:26
À : users@flex.apache.org
Objet : Re: access PDF doc from inside Flex app but not outside?
I have files stored on the server which can either be inside a database or some other file the servlet has access but not under the public_html directory and while I'm using JBOSS the servlet is the one that returns the file the user has requested.
The piece of code the servlet executes is:
//find out the filename using some logic and checking if the user has access rights //once I have it I execute the following code:
File file=new File(filename);
if (file.exists()){
resp.setContentType("application/x-download");
resp.setHeader("Content-Disposition", "attachment; filename=" + clientFilenameToBeSavedAs); returnFile(filename, resp.getOutputStream()); }else{ //System.out.println("file DOES NOT exist:" + filename);
//error handling goes here }
returnFile method
public static void returnFile(String filename, OutputStream out) throws FileNotFoundException, IOException { InputStream in = null; try { in = new BufferedInputStream(new FileInputStream(filename)); byte[] buf = new byte[4 * 1024]; // 4K buffer int bytesRead; while ((bytesRead = in.read(buf)) != -1) { out.write(buf, 0, bytesRead); } } finally { if (in != null) in.close(); } }
My FLEX code that will call the servlet method:
private function startDownloadingFile(attachment:Attachment):void{
if (_downloadFileRef==null) _downloadFileRef=new FileReference(); var req:URLRequest=new URLRequest(SERVER_URL); var variables:URLVariables=new URLVariables(); variables.command=DOWNLOAD_ATTACHMENT;
variables.attachmentId=attachment.id;
variables.sessionId=Params.getInstance().get("sessionId");
req.data=variables;
_downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
downloadFileRef_progress);
_downloadFileRef.addEventListener(Event.COMPLETE, downloadFileRef_complete); _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_cancel);
try{
mx.managers.CursorManager.setBusyCursor();
_downloadFileRef.download(req,attachment.filename);
}catch(error:Error){
mx.managers.CursorManager.removeBusyCursor();
Alert.show("unable to download file","Error downloading file"); } }
Note: My user has already been authenticated by the server and has a sessionId that is unique to the user. On the server I have this sessionId stored with a reference to the user. Anytime someone wants to download a file I check the sessionId and see if its:
1) Valid
2) The filename the user is trying to download has access to download the file
The servlet goes and gets the file that is not in a public directory and sends it over.
Others might have a different method of doing this but this works for me.
Hopefully this helps.
Ruben
On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem < maurice.amsellem@systar.com> wrote:
> >how does the servlet open the PDF in a new (client) browser window
> It's not the servlet, it's the flex app that is responsible of opening
> the new window.
> The servlet will simply read the bytes of the PDF file and write them
> to the output stream, as if it was a static file (that what the http
> server does actually)
>
> > And when it does open the PDF in a new browser window, wouldn't the
> > full
> URL including token be shown in the browser (if so, someone could copy
> this URL and e-mail to someone else to open it)?
> The "security token" would be valid for the current user session only.
> You could for example use the jsessionid as a key (or something similar).
> So if someone else that is not logged tries the same url, it will not work.
>
> Maurice
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> samedi 5 avril 2014 00:23 À : users@flex.apache.org Objet : Re: access
> PDF doc from inside Flex app but not outside?
>
> I call a few Java servlets in my app using HTTPService(), although my
> app is not contained in a JEE Web App as far as I know.
>
> Let me see if I follow... the servlet is called from within Flex using
> a specific URL. I can append some text representing a "security token"
> on that URL, which the servlet validates then ... hmm, how does the
> servlet open the PDF in a new (client) browser window (maybe you can
> refer me to a specific command I can research to figure that out)?
>
> And when it does open the PDF in a new browser window, wouldn't the
> full URL including token be shown in the browser (if so, someone could
> copy this URL and e-mail to someone else to open it)?
>
>
> ----- Original Message -----
>
> From: "Maurice Amsellem" <ma...@systar.com>
> To: users@flex.apache.org
> Sent: Friday, April 4, 2014 3:05:50 PM
> Subject: RE: access PDF doc from inside Flex app but not outside?
>
> Then the PDF files would be stored in the private area of the web-app
> (under WEB-INF) , so they can't be accessed directly.
>
> There are probably variants of this, but I think you get the idea.
>
> -----Message d'origine-----
> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
> Envoyé : samedi 5 avril 2014 00:04
> À : users@flex.apache.org
> Objet : RE: access PDF doc from inside Flex app but not outside?
>
> If your app is contained in a JEE Web App, you could probably write a
> servlet to download the PDF securely, using a "security token" or something.
> The Flex App would simply request the servlet through its url to get
> the PDF, and pass it the security token.
>
> Makes sense ?
>
> Maurice
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access PDF
> doc from inside Flex app but not outside?
>
> I have a desktop Flex app that users register and login. I need to
> provide these users access to technical documents in PDF format.
> However, I don't want to put these docs in my server's public_html
> directory because then any visitor can potentially view them. Is there
> any way for the Flex app to open these PDF files in a new browser
> window, while preventing their access by website visitors? That is,
> the files can only be opened when logged into the app, and not by
> copying and pasting a link in an email that goes to someone else for them to open in any browser.
>
> I understand the user can simply download the PDF file and e-mail it
> if he/she really wants to (I'm just trying to make it a little more difficult).
>
> I was thinking maybe there was a way to place the PDF files somewhere
> in the Java application server since only Flex has access there (a
> firewall blocks website visitors). Thought maybe someone ran into this
> before and could help me see what's possible.
>
>
Re: access PDF doc from inside Flex app but not outside?
Posted by Eugene Ramirez <ra...@gmail.com>.
I'm running the application in the browser so there are limitations imposed
by the browser as to what you can do. One of the limitations I believe is
that you can't automatically save and open files without user interaction.
So for saving a file there has to be user interaction so you have to use
FileReference. If it was an AIR app then the limitations would not exist.
You can use navigateToURL to open the file in a new browser.
The downalodFileRef_complete just alerts the user that the file has
completed downloading and removes the progress bar that I have. The
downloadFileRef_progress has one line: progressBar.visible = true;
Here's an example using navigateToURL that I use. I did strip some extra
variables that I send. A servlet processes it.
var variables:URLVariables=new URLVariables();
variables.command="GET_PDF";
variables.pdfId=id;
var urlReq:URLRequest=new URLRequest(getLprUrl());
urlReq.method=URLRequestMethod.POST;
urlReq.data=variables;
flash.net.navigateToURL(urlReq,navigateToURL);
On Sun, Apr 6, 2014 at 7:45 AM, <mo...@comcast.net> wrote:
> Thanks so much Eugene,
>
> >The front end user never sees the actual filename of my file or where on
> my server it is stored.
>
> Can you describe what the user does see in the client? That is, how does
> he/she open the downloaded PDF file? Does the user need to go to the
> Downloads folder to locate the file, then open it? Or, is there another
> statement, perhaps in the function downloadFileRef_complete, that opens the
> downloaded PDF file in a new browser window (if so, what's the command and
> what shows in the URL of that window)? It would help to see what's in
> downloadFileRef_complete, and downloadFileRef_progress (if possible).
>
> ----- Original Message -----
>
> From: "Eugene Ramirez" <ra...@gmail.com>
> To: users@flex.apache.org
> Sent: Saturday, April 5, 2014 5:44:47 PM
> Subject: Re: access PDF doc from inside Flex app but not outside?
>
> One more thing. The front end user sees a nice filename associated to some
> id. On the server this id has a record that has the actual disk filename
> that I'm going to retrieve. The front end user never sees the actual
> filename of my file or where on my server it is stored.
>
> So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY
>
> On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez <ramirez.eugene@gmail.com
> >wrote:
>
> > I have files stored on the server which can either be inside a database
> or
> > some other file the servlet has access but not under the public_html
> > directory and while I'm using JBOSS the servlet is the one that returns
> the
> > file the user has requested.
> >
> > The piece of code the servlet executes is:
> >
> > //find out the filename using some logic and checking if the user has
> > access rights
> > //once I have it I execute the following code:
> >
> > File file=new File(filename);
> > if (file.exists()){
> > resp.setContentType("application/x-download");
> > resp.setHeader("Content-Disposition", "attachment; filename=" +
> > clientFilenameToBeSavedAs);
> > returnFile(filename, resp.getOutputStream());
> > }else{
> > //System.out.println("file DOES NOT exist:" + filename);
> > //error handling goes here
> > }
> >
> >
> >
> >
> > returnFile method
> >
> > public static void returnFile(String filename, OutputStream out)
> > throws FileNotFoundException, IOException {
> > InputStream in = null;
> > try {
> > in = new BufferedInputStream(new FileInputStream(filename));
> > byte[] buf = new byte[4 * 1024]; // 4K buffer
> > int bytesRead;
> > while ((bytesRead = in.read(buf)) != -1) {
> > out.write(buf, 0, bytesRead);
> > }
> > } finally {
> > if (in != null) in.close();
> > }
> > }
> >
> >
> >
> > My FLEX code that will call the servlet method:
> >
> >
> > private function startDownloadingFile(attachment:Attachment):void{
> > if (_downloadFileRef==null) _downloadFileRef=new FileReference();
> > var req:URLRequest=new URLRequest(SERVER_URL);
> > var variables:URLVariables=new URLVariables();
> > variables.command=DOWNLOAD_ATTACHMENT;
> > variables.attachmentId=attachment.id;
> > variables.sessionId=Params.getInstance().get("sessionId");
> > req.data=variables;
> > _downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
> > downloadFileRef_progress);
> > _downloadFileRef.addEventListener(Event.COMPLETE,
> > downloadFileRef_complete);
> > _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_cancel);
> > try{
> > mx.managers.CursorManager.setBusyCursor();
> > _downloadFileRef.download(req,attachment.filename);
> > }catch(error:Error){
> > mx.managers.CursorManager.removeBusyCursor();
> > Alert.show("unable to download file","Error downloading file");
> > }
> > }
> >
> >
> > Note: My user has already been authenticated by the server and has a
> > sessionId that is unique to the user. On the server I have this sessionId
> > stored with a reference to the user. Anytime someone wants to download a
> > file I check the sessionId and see if its:
> > 1) Valid
> > 2) The filename the user is trying to download has access to download the
> > file
> >
> > The servlet goes and gets the file that is not in a public directory and
> > sends it over.
> >
> > Others might have a different method of doing this but this works for me.
> >
> > Hopefully this helps.
> > Ruben
> >
> >
> >
> > On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
> > maurice.amsellem@systar.com> wrote:
> >
> >> >how does the servlet open the PDF in a new (client) browser window
> >> It's not the servlet, it's the flex app that is responsible of opening
> >> the new window.
> >> The servlet will simply read the bytes of the PDF file and write them to
> >> the output stream, as if it was a static file (that what the http server
> >> does actually)
> >>
> >> > And when it does open the PDF in a new browser window, wouldn't the
> >> full URL including token be shown in the browser (if so, someone could
> copy
> >> this URL and e-mail to someone else to open it)?
> >> The "security token" would be valid for the current user session only.
> >> You could for example use the jsessionid as a key (or something
> similar).
> >> So if someone else that is not logged tries the same url, it will not
> >> work.
> >>
> >> Maurice
> >>
> >> -----Message d'origine-----
> >> De : modjklist@comcast.net [mailto:modjklist@comcast.net]
> >> Envoyé : samedi 5 avril 2014 00:23
> >> À : users@flex.apache.org
> >> Objet : Re: access PDF doc from inside Flex app but not outside?
> >>
> >> I call a few Java servlets in my app using HTTPService(), although my
> app
> >> is not contained in a JEE Web App as far as I know.
> >>
> >> Let me see if I follow... the servlet is called from within Flex using a
> >> specific URL. I can append some text representing a "security token" on
> >> that URL, which the servlet validates then ... hmm, how does the servlet
> >> open the PDF in a new (client) browser window (maybe you can refer me
> to a
> >> specific command I can research to figure that out)?
> >>
> >> And when it does open the PDF in a new browser window, wouldn't the full
> >> URL including token be shown in the browser (if so, someone could copy
> this
> >> URL and e-mail to someone else to open it)?
> >>
> >>
> >> ----- Original Message -----
> >>
> >> From: "Maurice Amsellem" <ma...@systar.com>
> >> To: users@flex.apache.org
> >> Sent: Friday, April 4, 2014 3:05:50 PM
> >> Subject: RE: access PDF doc from inside Flex app but not outside?
> >>
> >> Then the PDF files would be stored in the private area of the web-app
> >> (under WEB-INF) , so they can't be accessed directly.
> >>
> >> There are probably variants of this, but I think you get the idea.
> >>
> >> -----Message d'origine-----
> >> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
> >> Envoyé : samedi 5 avril 2014 00:04
> >> À : users@flex.apache.org
> >> Objet : RE: access PDF doc from inside Flex app but not outside?
> >>
> >> If your app is contained in a JEE Web App, you could probably write a
> >> servlet to download the PDF securely, using a "security token" or
> something.
> >> The Flex App would simply request the servlet through its url to get the
> >> PDF, and pass it the security token.
> >>
> >> Makes sense ?
> >>
> >> Maurice
> >>
> >> -----Message d'origine-----
> >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> >> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access PDF doc
> >> from inside Flex app but not outside?
> >>
> >> I have a desktop Flex app that users register and login. I need to
> >> provide these users access to technical documents in PDF format.
> However, I
> >> don't want to put these docs in my server's public_html directory
> because
> >> then any visitor can potentially view them. Is there any way for the
> Flex
> >> app to open these PDF files in a new browser window, while preventing
> their
> >> access by website visitors? That is, the files can only be opened when
> >> logged into the app, and not by copying and pasting a link in an email
> that
> >> goes to someone else for them to open in any browser.
> >>
> >> I understand the user can simply download the PDF file and e-mail it if
> >> he/she really wants to (I'm just trying to make it a little more
> difficult).
> >>
> >> I was thinking maybe there was a way to place the PDF files somewhere in
> >> the Java application server since only Flex has access there (a firewall
> >> blocks website visitors). Thought maybe someone ran into this before and
> >> could help me see what's possible.
> >>
> >>
> >
>
>
Re: access PDF doc from inside Flex app but not outside?
Posted by Javier Guerrero García <ja...@gmail.com>.
Two stupid questions here:
1. What about using a standard StageWebView to open a standard PDF using
standard HTTP auth? User don't have access to the URL, you don't have to
exit your application, files will only be available for those with the
credentials, ...
2. If we can asume up-to-date browsers, why not creating a faily simple php
that checks the user permissions and serves the PDF files as data uris?
On Mon, Apr 7, 2014 at 12:50 AM, Maurice Amsellem <
maurice.amsellem@systar.com> wrote:
> >but requires a business process allowing the Flex web app to access a
> client directory, which I'm not permitted to do.
> You mean Flex App is not allowed to write on the user's disk, even if
> allowed by the user?
> If that's the case, then you cannot use this approach.
>
> So you are left with the second option ( navigateToUrl to new window).
>
> >Otherwise, if I simply use the servlet URL for that first parameter in
> URLRequest(), couldn't someone use that same servlet URL outside of the web
> app by entering >it in a browser window any accomplish the same thing? If
> so, then I'd need to do what you first proposed by having the servlet
> figure out if the user that originally >submitted the download request was
> currently logged in,
>
> Since the url request is sent from the same browser as the flex app, it's
> in the same user session, so you can simply pass the session id in the url
> to the servlet call and check it in the servlet, and fail it doesn't match.
>
> The code was described in detail by Eugene, so refer to it:
> > var req:URLRequest=new URLRequest(SERVER_URL); var
> > > > variables:URLVariables=new URLVariables();
> > > > variables.command=DOWNLOAD_ATTACHMENT;
> > > > variables.attachmentId=attachment.id;
> > > > variables.sessionId=Params.getInstance().get("sessionId");
> > > > req.data=variables;
>
> http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/URLVariables.html#includeExamplesSummary
>
> If someone tries the same URL from a different browser, or at a different
> time, the sessionid will not be the same or will not exist at all, so it
> will fail. So it's secured.
>
> Play with these options and try for yourself.
>
> Maurice
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net]
> Envoyé : dimanche 6 avril 2014 23:48
> À : users@flex.apache.org
> Objet : Re: access PDF doc from inside Flex app but not outside?
>
> Hi Maurice,
>
> I understand what you're saying. I guess I'm not asking my question well.
> Let me try again. The goal is to have the user click a button that
> downloads a PDF file and displays it in a browser window such that the file
> is derived from a non-public server directory (such as WEB-INF) and can
> therefore only be retrieved from the Flex-based web app.
>
> I can see from the servlet code below that the PDF file is returned in
> variable resp. If I use Eugene's approach, the file gets saved in the
> user's chosen directory. Thus, the user has no knowledge of where the file
> is located on the server, and there's no way for the user to share a link
> with a non-user to retrieve the file (although, of course, the user can
> always just e-mail the file itself to a non-user; not much I can do about
> that). That is one working process, but requires a business process
> allowing the Flex web app to access a client directory, which I'm not
> permitted to do.
>
> Alternatively, if I use the navigateToURL(new URLRequest(...)) approach, I
> was thinking that somehow the PDF file was still downloaded, and stored in
> a variable, and I was wondering how that variable gets used for the first
> parameter in URLRequest().
>
> Otherwise, if I simply use the servlet URL for that first parameter in
> URLRequest(), couldn't someone use that same servlet URL outside of the web
> app by entering it in a browser window any accomplish the same thing? If
> so, then I'd need to do what you first proposed by having the servlet
> figure out if the user that originally submitted the download request was
> currently logged in, etc. I do have a timestamp when the user logs in, but
> not when he/she logs out (since he/she could just close the browser window
> and I'd no knowledge of it, etc.). So, I'd prefer not to go down that
> route. But if there was a way to simply download the file to a variable
> (e.g. to cache memory) then open it (even if the user must first be asked
> if he/she wants to open it as a second step in the process, to get around
> any Flex security limitations, etc.), this would seem cleaner. Perhaps
> that's not possible though.
>
>
>
>
RE: access PDF doc from inside Flex app but not outside?
Posted by Maurice Amsellem <ma...@systar.com>.
>but requires a business process allowing the Flex web app to access a client directory, which I'm not permitted to do.
You mean Flex App is not allowed to write on the user's disk, even if allowed by the user?
If that's the case, then you cannot use this approach.
So you are left with the second option ( navigateToUrl to new window).
>Otherwise, if I simply use the servlet URL for that first parameter in URLRequest(), couldn't someone use that same servlet URL outside of the web app by entering >it in a browser window any accomplish the same thing? If so, then I'd need to do what you first proposed by having the servlet figure out if the user that originally >submitted the download request was currently logged in,
Since the url request is sent from the same browser as the flex app, it's in the same user session, so you can simply pass the session id in the url to the servlet call and check it in the servlet, and fail it doesn't match.
The code was described in detail by Eugene, so refer to it:
> var req:URLRequest=new URLRequest(SERVER_URL); var
> > > variables:URLVariables=new URLVariables();
> > > variables.command=DOWNLOAD_ATTACHMENT;
> > > variables.attachmentId=attachment.id;
> > > variables.sessionId=Params.getInstance().get("sessionId");
> > > req.data=variables;
http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/URLVariables.html#includeExamplesSummary
If someone tries the same URL from a different browser, or at a different time, the sessionid will not be the same or will not exist at all, so it will fail. So it's secured.
Play with these options and try for yourself.
Maurice
-----Message d'origine-----
De : modjklist@comcast.net [mailto:modjklist@comcast.net]
Envoyé : dimanche 6 avril 2014 23:48
À : users@flex.apache.org
Objet : Re: access PDF doc from inside Flex app but not outside?
Hi Maurice,
I understand what you're saying. I guess I'm not asking my question well. Let me try again. The goal is to have the user click a button that downloads a PDF file and displays it in a browser window such that the file is derived from a non-public server directory (such as WEB-INF) and can therefore only be retrieved from the Flex-based web app.
I can see from the servlet code below that the PDF file is returned in variable resp. If I use Eugene's approach, the file gets saved in the user's chosen directory. Thus, the user has no knowledge of where the file is located on the server, and there's no way for the user to share a link with a non-user to retrieve the file (although, of course, the user can always just e-mail the file itself to a non-user; not much I can do about that). That is one working process, but requires a business process allowing the Flex web app to access a client directory, which I'm not permitted to do.
Alternatively, if I use the navigateToURL(new URLRequest(...)) approach, I was thinking that somehow the PDF file was still downloaded, and stored in a variable, and I was wondering how that variable gets used for the first parameter in URLRequest().
Otherwise, if I simply use the servlet URL for that first parameter in URLRequest(), couldn't someone use that same servlet URL outside of the web app by entering it in a browser window any accomplish the same thing? If so, then I'd need to do what you first proposed by having the servlet figure out if the user that originally submitted the download request was currently logged in, etc. I do have a timestamp when the user logs in, but not when he/she logs out (since he/she could just close the browser window and I'd no knowledge of it, etc.). So, I'd prefer not to go down that route. But if there was a way to simply download the file to a variable (e.g. to cache memory) then open it (even if the user must first be asked if he/she wants to open it as a second step in the process, to get around any Flex security limitations, etc.), this would seem cleaner. Perhaps that's not possible though.
Re: access PDF doc from inside Flex app but not outside?
Posted by Thiago Maia <a0...@a00s.com>.
How I would do and what I actually do.
Iframe in the html, from flex called from a javascript.
From the flex I would also put the iframe in the position of a
windows so if we move the window we can collect the iframe that is
inside a div in the mysql and move as if is inside the flex.
From the servlet side, I would make a database with a MD5 hash key
loading the file and sending to the client, in the end of the hash I
would add a timestamp and limit in seconds this timestamp. If want to
make more complicated can limit the IP soh the person should access both
from the same a ip and the same window time. Or you could just make a
printer pool with a hashkey -).
just my 5 cents.
best regards
On 2014-04-06 2:47 PM, modjklist@comcast.net wrote:
> Hi Maurice,
>
> I understand what you're saying. I guess I'm not asking my question well. Let me try again. The goal is to have the user click a button that downloads a PDF file and displays it in a browser window such that the file is derived from a non-public server directory (such as WEB-INF) and can therefore only be retrieved from the Flex-based web app.
>
> I can see from the servlet code below that the PDF file is returned in variable resp. If I use Eugene's approach, the file gets saved in the user's chosen directory. Thus, the user has no knowledge of where the file is located on the server, and there's no way for the user to share a link with a non-user to retrieve the file (although, of course, the user can always just e-mail the file itself to a non-user; not much I can do about that). That is one working process, but requires a business process allowing the Flex web app to access a client directory, which I'm not permitted to do.
>
> Alternatively, if I use the navigateToURL(new URLRequest(...)) approach, I was thinking that somehow the PDF file was still downloaded, and stored in a variable, and I was wondering how that variable gets used for the first parameter in URLRequest().
>
> Otherwise, if I simply use the servlet URL for that first parameter in URLRequest(), couldn't someone use that same servlet URL outside of the web app by entering it in a browser window any accomplish the same thing? If so, then I'd need to do what you first proposed by having the servlet figure out if the user that originally submitted the download request was currently logged in, etc. I do have a timestamp when the user logs in, but not when he/she logs out (since he/she could just close the browser window and I'd no knowledge of it, etc.). So, I'd prefer not to go down that route. But if there was a way to simply download the file to a variable (e.g. to cache memory) then open it (even if the user must first be asked if he/she wants to open it as a second step in the process, to get around any Flex security limitations, etc.), this would seem cleaner. Perhaps that's not possible though.
>
> ----- Original Message -----
>
> From: "Maurice Amsellem" <ma...@systar.com>
> To: users@flex.apache.org
> Sent: Sunday, April 6, 2014 2:10:52 PM
> Subject: RE: access PDF doc from inside Flex app but not outside?
>
> The principle for FileReference.download() and navigateToUrl() are the same:
> You call some URL that return some content.
> In the case of download(), the returned content will be saved to some file
> In the case of navigateToUrl() it will be displayed in the browser window indicated in the second argument ( _blank, _self, etc...).
>
> The "download" is implicit when you access to the url, it does not necessarily mean there is a physical file behind.
> The browser of the web app DOES NOT KNOW if it's a static file behind, or a servlet that dynamically generates a PDF.
> It could even be a dynamic PDF file generated on-the-fly when you access the URL.
> (this is for example what happens when you download your PDF phone or internet bill from your ISP).
>
> Make sure to set properly the contentType in your servlet, so that it's recognized properly, that's all.
>
> Is that clear enough ?
>
> Maurice
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net]
> Envoyé : dimanche 6 avril 2014 22:42
> À : users@flex.apache.org
> Objet : Re: access PDF doc from inside Flex app but not outside?
>
> Hi Maurice, Yes I use Java middle tier, so Java servlet's are fine and can access files in WEB-INF directory. I'm guess I'm still missing how to download the file in the background and open it. Basically, how to execute this...
>
>> The PDF is then download and displayed directly in the browser, when
>> you access the link
> The following command
>
> _downloadFileRef.download(req,attachment.filename);
>
> will open a window for the user to select a directory to download the file. But I shouldn't do that, since I just want the file to be in cache, so what would I use instead? That is, if I use navigateToURL( new URLRequest( ... ) ), then what is the variable inside URLRequest(), and where does it come from?
>
>
> ----- Original Message -----
>
> From: "Maurice Amsellem" <ma...@systar.com>
> To: users@flex.apache.org
> Sent: Sunday, April 6, 2014 1:09:27 PM
> Subject: RE: access PDF doc from inside Flex app but not outside?
>
> Ok, so you are talking about the flex app itself.
> But here, there is no need to write anything on the browser's side, so it's not an issue.
>
> I am assuming the flex app is served by a web app server of any kind.
> I need to know how is your app architected on the server's side:
> Is it a static web app (which I doubt) or a dynamic web app (php, JEE) http://en.wikipedia.org/wiki/Application_server#Java_application_servers
>
> If it's a JEE, then you can write servlets, and the web app server will be allowed to read in the WEB-INF directory, so that's where you will store your PDFs (in some sub-directory actually).
>
> The PDF is then download and displayed directly in the browser, when you access the link , and not saved to disk until users asks to save it.
>
> Does this make sense to you ?
>
> Maurice
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé : dimanche 6 avril 2014 21:31 À : users@flex.apache.org Objet : Re: access PDF doc from inside Flex app but not outside?
>
> Hi Maurice, it's a Flex app running in a Flash Player inside a browser. Desktop only (not mobile). I should clarify that technically the Flex app may be able to access the user's directories (at least from the discussion below that the Flex technologies permits this) but my business logic says the app is not allowed to access to a client's directories, networked printers, etc., so that customers can feel more secure about using the application. So I can only work with cache memory on the client's machine.
>
>
>
> ----- Original Message -----
>
> From: "Maurice Amsellem" <ma...@systar.com>
> To: users@flex.apache.org
> Sent: Sunday, April 6, 2014 11:58:26 AM
> Subject: RE: access PDF doc from inside Flex app but not outside?
>
> Sorry Eugene, the question was for modjklist, as he was the one that said " My app isn't permitted to access a user's directory".
> I wasn't sure whether he was talking about the flex app running in the browser not being permitted to access local user directory, or the web app server (ie. with servlets, etc) .
>
> Maurice
>
> -----Message d'origine-----
> De : Eugene Ramirez [mailto:ramirez.eugene@gmail.com] Envoyé : dimanche 6 avril 2014 20:35 À : users@flex.apache.org Objet : Re: access PDF doc from inside Flex app but not outside?
>
> It's a Flex app that runs using the Flash player inside a browser. When I created the Flex app the application type was set to Web. So it would be a Flex web app. Correct?
>
>
> On Sun, Apr 6, 2014 at 11:19 AM, Maurice Amsellem < maurice.amsellem@systar.com> wrote:
>
>>> My app isn't permitted to access a user's directory
>> Do you mean the Flex app or the web app?
>>
>> Maurice
>>
>>
>> -----Message d'origine-----
>> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
>> dimanche 6 avril 2014 19:40 À : users@flex.apache.org Objet : Re:
>> access PDF doc from inside Flex app but not outside?
>>
>> Thanks for the info Eugene and Maurice, My app isn't permitted to
>> access a user's directory. Can I simply download to cache memory, then
>> load it into browser from there? User can then save to his/her hard
>> drive from the browser if needed. If so, would the command be:
>>
>> navigateToURL(new URLRequest( _downloadFileRef ));
>>
>>
>> ----- Original Message -----
>>
>> From: "Eugene Ramirez" <ra...@gmail.com>
>> To: users@flex.apache.org
>> Sent: Sunday, April 6, 2014 10:29:16 AM
>> Subject: Re: access PDF doc from inside Flex app but not outside?
>>
>> navigateToURL will open in a new browser. The code I provided is for
>> downloading a file to directory that the user specifies. So what you
>> want to use navigateToURL as Maurice stated.
>>
>>
>> On Sun, Apr 6, 2014 at 8:43 AM, Maurice Amsellem <
>> maurice.amsellem@systar.com> wrote:
>>
>>> If you want to open the PDF in a new window, you can use an
>>> alternate
>> way:
>>> - create an URLRequest same way,
>>> - then navigate to the url using navigateToURL( urlRequest,
>>> "_blank");
>>>
>>> See:
>>>
>>> http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/f
>>> la
>>> sh/net/package.html#navigateToURL()
>>>
>>>
>>>
>>> -----Message d'origine-----
>>> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
>>> dimanche 6 avril 2014 16:46 À : users@flex.apache.org Objet : Re:
>>> access PDF doc from inside Flex app but not outside?
>>>
>>> Thanks so much Eugene,
>>>
>>>> The front end user never sees the actual filename of my file or
>>>> where on
>>> my server it is stored.
>>>
>>> Can you describe what the user does see in the client? That is, how
>>> does he/she open the downloaded PDF file? Does the user need to go
>>> to the Downloads folder to locate the file, then open it? Or, is
>>> there another statement, perhaps in the function
>>> downloadFileRef_complete, that opens the downloaded PDF file in a
>>> new browser window (if so, what's the command and what shows in the
>>> URL of that window)? It would help to see what's in
>>> downloadFileRef_complete, and
>> downloadFileRef_progress (if possible).
>>> ----- Original Message -----
>>>
>>> From: "Eugene Ramirez" <ra...@gmail.com>
>>> To: users@flex.apache.org
>>> Sent: Saturday, April 5, 2014 5:44:47 PM
>>> Subject: Re: access PDF doc from inside Flex app but not outside?
>>>
>>> One more thing. The front end user sees a nice filename associated
>>> to some id. On the server this id has a record that has the actual
>>> disk filename that I'm going to retrieve. The front end user never
>>> sees the actual filename of my file or where on my server it is stored.
>>>
>>> So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY
>>>
>>> On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez
>>> <ramirez.eugene@gmail.com
>>>> wrote:
>>>> I have files stored on the server which can either be inside a
>>>> database or some other file the servlet has access but not under
>>>> the public_html directory and while I'm using JBOSS the servlet is
>>>> the one that returns the file the user has requested.
>>>>
>>>> The piece of code the servlet executes is:
>>>>
>>>> //find out the filename using some logic and checking if the user
>>>> has access rights //once I have it I execute the following code:
>>>>
>>>> File file=new File(filename);
>>>> if (file.exists()){
>>>> resp.setContentType("application/x-download");
>>>> resp.setHeader("Content-Disposition", "attachment; filename=" +
>>>> clientFilenameToBeSavedAs); returnFile(filename,
>>>> resp.getOutputStream()); }else{ //System.out.println("file DOES
>>>> NOT exist:" + filename); //error handling goes here }
>>>>
>>>>
>>>>
>>>>
>>>> returnFile method
>>>>
>>>> public static void returnFile(String filename, OutputStream out)
>>>> throws FileNotFoundException, IOException { InputStream in = null;
>>>> try { in = new BufferedInputStream(new FileInputStream(filename));
>>>> byte[] buf = new byte[4 * 1024]; // 4K buffer int bytesRead; while
>>>> ((bytesRead = in.read(buf)) != -1) { out.write(buf, 0, bytesRead);
>>>> } } finally { if (in != null) in.close(); } }
>>>>
>>>>
>>>>
>>>> My FLEX code that will call the servlet method:
>>>>
>>>>
>>>> private function startDownloadingFile(attachment:Attachment):void{
>>>> if (_downloadFileRef==null) _downloadFileRef=new FileReference();
>>>> var req:URLRequest=new URLRequest(SERVER_URL); var
>>>> variables:URLVariables=new URLVariables();
>>>> variables.command=DOWNLOAD_ATTACHMENT;
>>>> variables.attachmentId=attachment.id;
>>>> variables.sessionId=Params.getInstance().get("sessionId");
>>>> req.data=variables;
>>>> _downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
>>>> downloadFileRef_progress);
>>>> _downloadFileRef.addEventListener(Event.COMPLETE,
>>>> downloadFileRef_complete);
>>>> _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_can
>>>> ce
>>>> l)
>>>> ;
>>>> try{
>>>> mx.managers.CursorManager.setBusyCursor();
>>>> _downloadFileRef.download(req,attachment.filename);
>>>> }catch(error:Error){
>>>> mx.managers.CursorManager.removeBusyCursor();
>>>> Alert.show("unable to download file","Error downloading file"); }
>>>> }
>>>>
>>>>
>>>> Note: My user has already been authenticated by the server and has
>>>> a sessionId that is unique to the user. On the server I have this
>>>> sessionId stored with a reference to the user. Anytime someone
>>>> wants to download a file I check the sessionId and see if its:
>>>> 1) Valid
>>>> 2) The filename the user is trying to download has access to
>>>> download the file
>>>>
>>>> The servlet goes and gets the file that is not in a public
>>>> directory and sends it over.
>>>>
>>>> Others might have a different method of doing this but this works
>>>> for
>> me.
>>>> Hopefully this helps.
>>>> Ruben
>>>>
>>>>
>>>>
>>>> On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
>>>> maurice.amsellem@systar.com> wrote:
>>>>
>>>>>> how does the servlet open the PDF in a new (client) browser
>>>>>> window
>>>>> It's not the servlet, it's the flex app that is responsible of
>>>>> opening the new window.
>>>>> The servlet will simply read the bytes of the PDF file and write
>>>>> them to the output stream, as if it was a static file (that what
>>>>> the http server does actually)
>>>>>
>>>>>> And when it does open the PDF in a new browser window, wouldn't
>>>>>> the
>>>>> full URL including token be shown in the browser (if so, someone
>>>>> could copy this URL and e-mail to someone else to open it)?
>>>>> The "security token" would be valid for the current user session only.
>>>>> You could for example use the jsessionid as a key (or something
>>> similar).
>>>>> So if someone else that is not logged tries the same url, it will
>>>>> not work.
>>>>>
>>>>> Maurice
>>>>>
>>>>> -----Message d'origine-----
>>>>> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
>>>>> samedi 5 avril 2014 00:23 À : users@flex.apache.org Objet : Re:
>>>>> access PDF doc from inside Flex app but not outside?
>>>>>
>>>>> I call a few Java servlets in my app using HTTPService(),
>>>>> although my app is not contained in a JEE Web App as far as I know.
>>>>>
>>>>> Let me see if I follow... the servlet is called from within Flex
>>>>> using a specific URL. I can append some text representing a
>>>>> "security token" on that URL, which the servlet validates then ...
>>>>> hmm, how does the servlet open the PDF in a new (client) browser
>>>>> window (maybe you can refer me to a specific command I can
>>>>> research to figure that
>>> out)?
>>>>> And when it does open the PDF in a new browser window, wouldn't
>>>>> the full URL including token be shown in the browser (if so,
>>>>> someone could copy this URL and e-mail to someone else to open it)?
>>>>>
>>>>>
>>>>> ----- Original Message -----
>>>>>
>>>>> From: "Maurice Amsellem" <ma...@systar.com>
>>>>> To: users@flex.apache.org
>>>>> Sent: Friday, April 4, 2014 3:05:50 PM
>>>>> Subject: RE: access PDF doc from inside Flex app but not outside?
>>>>>
>>>>> Then the PDF files would be stored in the private area of the
>>>>> web-app (under WEB-INF) , so they can't be accessed directly.
>>>>>
>>>>> There are probably variants of this, but I think you get the idea.
>>>>>
>>>>> -----Message d'origine-----
>>>>> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
>>>>> Envoyé : samedi 5 avril 2014 00:04 À : users@flex.apache.org
>>>>> Objet
>>>>> : RE: access PDF doc from inside Flex app but not outside?
>>>>>
>>>>> If your app is contained in a JEE Web App, you could probably
>>>>> write a servlet to download the PDF securely, using a "security
>>>>> token" or
>>> something.
>>>>> The Flex App would simply request the servlet through its url to
>>>>> get the PDF, and pass it the security token.
>>>>>
>>>>> Makes sense ?
>>>>>
>>>>> Maurice
>>>>>
>>>>> -----Message d'origine-----
>>>>> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
>>>>> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access
>>>>> PDF doc from inside Flex app but not outside?
>>>>>
>>>>> I have a desktop Flex app that users register and login. I need
>>>>> to provide these users access to technical documents in PDF format.
>>>>> However, I don't want to put these docs in my server's
>>>>> public_html directory because then any visitor can potentially
>>>>> view them. Is there any way for the Flex app to open these PDF
>>>>> files in a new browser window, while preventing their access by website visitors?
>>>>> That is, the files can only be opened when logged into the app,
>>>>> and not by copying and pasting a link in an email that goes to
>>>>> someone else
>>> for them to open in any browser.
>>>>> I understand the user can simply download the PDF file and e-mail
>>>>> it if he/she really wants to (I'm just trying to make it a little
>>>>> more
>>> difficult).
>>>>> I was thinking maybe there was a way to place the PDF files
>>>>> somewhere in the Java application server since only Flex has
>>>>> access there (a firewall blocks website visitors). Thought maybe
>>>>> someone ran into this before and could help me see what's possible.
>>>>>
>>>>>
>>>
>>
>
>
>
Re: access PDF doc from inside Flex app but not outside?
Posted by mo...@comcast.net.
Hi Maurice,
I understand what you're saying. I guess I'm not asking my question well. Let me try again. The goal is to have the user click a button that downloads a PDF file and displays it in a browser window such that the file is derived from a non-public server directory (such as WEB-INF) and can therefore only be retrieved from the Flex-based web app.
I can see from the servlet code below that the PDF file is returned in variable resp. If I use Eugene's approach, the file gets saved in the user's chosen directory. Thus, the user has no knowledge of where the file is located on the server, and there's no way for the user to share a link with a non-user to retrieve the file (although, of course, the user can always just e-mail the file itself to a non-user; not much I can do about that). That is one working process, but requires a business process allowing the Flex web app to access a client directory, which I'm not permitted to do.
Alternatively, if I use the navigateToURL(new URLRequest(...)) approach, I was thinking that somehow the PDF file was still downloaded, and stored in a variable, and I was wondering how that variable gets used for the first parameter in URLRequest().
Otherwise, if I simply use the servlet URL for that first parameter in URLRequest(), couldn't someone use that same servlet URL outside of the web app by entering it in a browser window any accomplish the same thing? If so, then I'd need to do what you first proposed by having the servlet figure out if the user that originally submitted the download request was currently logged in, etc. I do have a timestamp when the user logs in, but not when he/she logs out (since he/she could just close the browser window and I'd no knowledge of it, etc.). So, I'd prefer not to go down that route. But if there was a way to simply download the file to a variable (e.g. to cache memory) then open it (even if the user must first be asked if he/she wants to open it as a second step in the process, to get around any Flex security limitations, etc.), this would seem cleaner. Perhaps that's not possible though.
----- Original Message -----
From: "Maurice Amsellem" <ma...@systar.com>
To: users@flex.apache.org
Sent: Sunday, April 6, 2014 2:10:52 PM
Subject: RE: access PDF doc from inside Flex app but not outside?
The principle for FileReference.download() and navigateToUrl() are the same:
You call some URL that return some content.
In the case of download(), the returned content will be saved to some file
In the case of navigateToUrl() it will be displayed in the browser window indicated in the second argument ( _blank, _self, etc...).
The "download" is implicit when you access to the url, it does not necessarily mean there is a physical file behind.
The browser of the web app DOES NOT KNOW if it's a static file behind, or a servlet that dynamically generates a PDF.
It could even be a dynamic PDF file generated on-the-fly when you access the URL.
(this is for example what happens when you download your PDF phone or internet bill from your ISP).
Make sure to set properly the contentType in your servlet, so that it's recognized properly, that's all.
Is that clear enough ?
Maurice
-----Message d'origine-----
De : modjklist@comcast.net [mailto:modjklist@comcast.net]
Envoyé : dimanche 6 avril 2014 22:42
À : users@flex.apache.org
Objet : Re: access PDF doc from inside Flex app but not outside?
Hi Maurice, Yes I use Java middle tier, so Java servlet's are fine and can access files in WEB-INF directory. I'm guess I'm still missing how to download the file in the background and open it. Basically, how to execute this...
>The PDF is then download and displayed directly in the browser, when
>you access the link
The following command
_downloadFileRef.download(req,attachment.filename);
will open a window for the user to select a directory to download the file. But I shouldn't do that, since I just want the file to be in cache, so what would I use instead? That is, if I use navigateToURL( new URLRequest( ... ) ), then what is the variable inside URLRequest(), and where does it come from?
----- Original Message -----
From: "Maurice Amsellem" <ma...@systar.com>
To: users@flex.apache.org
Sent: Sunday, April 6, 2014 1:09:27 PM
Subject: RE: access PDF doc from inside Flex app but not outside?
Ok, so you are talking about the flex app itself.
But here, there is no need to write anything on the browser's side, so it's not an issue.
I am assuming the flex app is served by a web app server of any kind.
I need to know how is your app architected on the server's side:
Is it a static web app (which I doubt) or a dynamic web app (php, JEE) http://en.wikipedia.org/wiki/Application_server#Java_application_servers
If it's a JEE, then you can write servlets, and the web app server will be allowed to read in the WEB-INF directory, so that's where you will store your PDFs (in some sub-directory actually).
The PDF is then download and displayed directly in the browser, when you access the link , and not saved to disk until users asks to save it.
Does this make sense to you ?
Maurice
-----Message d'origine-----
De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé : dimanche 6 avril 2014 21:31 À : users@flex.apache.org Objet : Re: access PDF doc from inside Flex app but not outside?
Hi Maurice, it's a Flex app running in a Flash Player inside a browser. Desktop only (not mobile). I should clarify that technically the Flex app may be able to access the user's directories (at least from the discussion below that the Flex technologies permits this) but my business logic says the app is not allowed to access to a client's directories, networked printers, etc., so that customers can feel more secure about using the application. So I can only work with cache memory on the client's machine.
----- Original Message -----
From: "Maurice Amsellem" <ma...@systar.com>
To: users@flex.apache.org
Sent: Sunday, April 6, 2014 11:58:26 AM
Subject: RE: access PDF doc from inside Flex app but not outside?
Sorry Eugene, the question was for modjklist, as he was the one that said " My app isn't permitted to access a user's directory".
I wasn't sure whether he was talking about the flex app running in the browser not being permitted to access local user directory, or the web app server (ie. with servlets, etc) .
Maurice
-----Message d'origine-----
De : Eugene Ramirez [mailto:ramirez.eugene@gmail.com] Envoyé : dimanche 6 avril 2014 20:35 À : users@flex.apache.org Objet : Re: access PDF doc from inside Flex app but not outside?
It's a Flex app that runs using the Flash player inside a browser. When I created the Flex app the application type was set to Web. So it would be a Flex web app. Correct?
On Sun, Apr 6, 2014 at 11:19 AM, Maurice Amsellem < maurice.amsellem@systar.com> wrote:
> >My app isn't permitted to access a user's directory
> Do you mean the Flex app or the web app?
>
> Maurice
>
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> dimanche 6 avril 2014 19:40 À : users@flex.apache.org Objet : Re:
> access PDF doc from inside Flex app but not outside?
>
> Thanks for the info Eugene and Maurice, My app isn't permitted to
> access a user's directory. Can I simply download to cache memory, then
> load it into browser from there? User can then save to his/her hard
> drive from the browser if needed. If so, would the command be:
>
> navigateToURL(new URLRequest( _downloadFileRef ));
>
>
> ----- Original Message -----
>
> From: "Eugene Ramirez" <ra...@gmail.com>
> To: users@flex.apache.org
> Sent: Sunday, April 6, 2014 10:29:16 AM
> Subject: Re: access PDF doc from inside Flex app but not outside?
>
> navigateToURL will open in a new browser. The code I provided is for
> downloading a file to directory that the user specifies. So what you
> want to use navigateToURL as Maurice stated.
>
>
> On Sun, Apr 6, 2014 at 8:43 AM, Maurice Amsellem <
> maurice.amsellem@systar.com> wrote:
>
> > If you want to open the PDF in a new window, you can use an
> > alternate
> way:
> >
> > - create an URLRequest same way,
> > - then navigate to the url using navigateToURL( urlRequest,
> > "_blank");
> >
> > See:
> >
> > http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/f
> > la
> > sh/net/package.html#navigateToURL()
> >
> >
> >
> > -----Message d'origine-----
> > De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > dimanche 6 avril 2014 16:46 À : users@flex.apache.org Objet : Re:
> > access PDF doc from inside Flex app but not outside?
> >
> > Thanks so much Eugene,
> >
> > >The front end user never sees the actual filename of my file or
> > >where on
> > my server it is stored.
> >
> > Can you describe what the user does see in the client? That is, how
> > does he/she open the downloaded PDF file? Does the user need to go
> > to the Downloads folder to locate the file, then open it? Or, is
> > there another statement, perhaps in the function
> > downloadFileRef_complete, that opens the downloaded PDF file in a
> > new browser window (if so, what's the command and what shows in the
> > URL of that window)? It would help to see what's in
> > downloadFileRef_complete, and
> downloadFileRef_progress (if possible).
> >
> > ----- Original Message -----
> >
> > From: "Eugene Ramirez" <ra...@gmail.com>
> > To: users@flex.apache.org
> > Sent: Saturday, April 5, 2014 5:44:47 PM
> > Subject: Re: access PDF doc from inside Flex app but not outside?
> >
> > One more thing. The front end user sees a nice filename associated
> > to some id. On the server this id has a record that has the actual
> > disk filename that I'm going to retrieve. The front end user never
> > sees the actual filename of my file or where on my server it is stored.
> >
> > So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY
> >
> > On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez
> > <ramirez.eugene@gmail.com
> > >wrote:
> >
> > > I have files stored on the server which can either be inside a
> > > database or some other file the servlet has access but not under
> > > the public_html directory and while I'm using JBOSS the servlet is
> > > the one that returns the file the user has requested.
> > >
> > > The piece of code the servlet executes is:
> > >
> > > //find out the filename using some logic and checking if the user
> > > has access rights //once I have it I execute the following code:
> > >
> > > File file=new File(filename);
> > > if (file.exists()){
> > > resp.setContentType("application/x-download");
> > > resp.setHeader("Content-Disposition", "attachment; filename=" +
> > > clientFilenameToBeSavedAs); returnFile(filename,
> > > resp.getOutputStream()); }else{ //System.out.println("file DOES
> > > NOT exist:" + filename); //error handling goes here }
> > >
> > >
> > >
> > >
> > > returnFile method
> > >
> > > public static void returnFile(String filename, OutputStream out)
> > > throws FileNotFoundException, IOException { InputStream in = null;
> > > try { in = new BufferedInputStream(new FileInputStream(filename));
> > > byte[] buf = new byte[4 * 1024]; // 4K buffer int bytesRead; while
> > > ((bytesRead = in.read(buf)) != -1) { out.write(buf, 0, bytesRead);
> > > } } finally { if (in != null) in.close(); } }
> > >
> > >
> > >
> > > My FLEX code that will call the servlet method:
> > >
> > >
> > > private function startDownloadingFile(attachment:Attachment):void{
> > > if (_downloadFileRef==null) _downloadFileRef=new FileReference();
> > > var req:URLRequest=new URLRequest(SERVER_URL); var
> > > variables:URLVariables=new URLVariables();
> > > variables.command=DOWNLOAD_ATTACHMENT;
> > > variables.attachmentId=attachment.id;
> > > variables.sessionId=Params.getInstance().get("sessionId");
> > > req.data=variables;
> > > _downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
> > > downloadFileRef_progress);
> > > _downloadFileRef.addEventListener(Event.COMPLETE,
> > > downloadFileRef_complete);
> > > _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_can
> > > ce
> > > l)
> > > ;
> > > try{
> > > mx.managers.CursorManager.setBusyCursor();
> > > _downloadFileRef.download(req,attachment.filename);
> > > }catch(error:Error){
> > > mx.managers.CursorManager.removeBusyCursor();
> > > Alert.show("unable to download file","Error downloading file"); }
> > > }
> > >
> > >
> > > Note: My user has already been authenticated by the server and has
> > > a sessionId that is unique to the user. On the server I have this
> > > sessionId stored with a reference to the user. Anytime someone
> > > wants to download a file I check the sessionId and see if its:
> > > 1) Valid
> > > 2) The filename the user is trying to download has access to
> > > download the file
> > >
> > > The servlet goes and gets the file that is not in a public
> > > directory and sends it over.
> > >
> > > Others might have a different method of doing this but this works
> > > for
> me.
> > >
> > > Hopefully this helps.
> > > Ruben
> > >
> > >
> > >
> > > On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
> > > maurice.amsellem@systar.com> wrote:
> > >
> > >> >how does the servlet open the PDF in a new (client) browser
> > >> >window
> > >> It's not the servlet, it's the flex app that is responsible of
> > >> opening the new window.
> > >> The servlet will simply read the bytes of the PDF file and write
> > >> them to the output stream, as if it was a static file (that what
> > >> the http server does actually)
> > >>
> > >> > And when it does open the PDF in a new browser window, wouldn't
> > >> > the
> > >> full URL including token be shown in the browser (if so, someone
> > >> could copy this URL and e-mail to someone else to open it)?
> > >> The "security token" would be valid for the current user session only.
> > >> You could for example use the jsessionid as a key (or something
> > similar).
> > >> So if someone else that is not logged tries the same url, it will
> > >> not work.
> > >>
> > >> Maurice
> > >>
> > >> -----Message d'origine-----
> > >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > >> samedi 5 avril 2014 00:23 À : users@flex.apache.org Objet : Re:
> > >> access PDF doc from inside Flex app but not outside?
> > >>
> > >> I call a few Java servlets in my app using HTTPService(),
> > >> although my app is not contained in a JEE Web App as far as I know.
> > >>
> > >> Let me see if I follow... the servlet is called from within Flex
> > >> using a specific URL. I can append some text representing a
> > >> "security token" on that URL, which the servlet validates then ...
> > >> hmm, how does the servlet open the PDF in a new (client) browser
> > >> window (maybe you can refer me to a specific command I can
> > >> research to figure that
> > out)?
> > >>
> > >> And when it does open the PDF in a new browser window, wouldn't
> > >> the full URL including token be shown in the browser (if so,
> > >> someone could copy this URL and e-mail to someone else to open it)?
> > >>
> > >>
> > >> ----- Original Message -----
> > >>
> > >> From: "Maurice Amsellem" <ma...@systar.com>
> > >> To: users@flex.apache.org
> > >> Sent: Friday, April 4, 2014 3:05:50 PM
> > >> Subject: RE: access PDF doc from inside Flex app but not outside?
> > >>
> > >> Then the PDF files would be stored in the private area of the
> > >> web-app (under WEB-INF) , so they can't be accessed directly.
> > >>
> > >> There are probably variants of this, but I think you get the idea.
> > >>
> > >> -----Message d'origine-----
> > >> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
> > >> Envoyé : samedi 5 avril 2014 00:04 À : users@flex.apache.org
> > >> Objet
> > >> : RE: access PDF doc from inside Flex app but not outside?
> > >>
> > >> If your app is contained in a JEE Web App, you could probably
> > >> write a servlet to download the PDF securely, using a "security
> > >> token" or
> > something.
> > >> The Flex App would simply request the servlet through its url to
> > >> get the PDF, and pass it the security token.
> > >>
> > >> Makes sense ?
> > >>
> > >> Maurice
> > >>
> > >> -----Message d'origine-----
> > >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > >> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access
> > >> PDF doc from inside Flex app but not outside?
> > >>
> > >> I have a desktop Flex app that users register and login. I need
> > >> to provide these users access to technical documents in PDF format.
> > >> However, I don't want to put these docs in my server's
> > >> public_html directory because then any visitor can potentially
> > >> view them. Is there any way for the Flex app to open these PDF
> > >> files in a new browser window, while preventing their access by website visitors?
> > >> That is, the files can only be opened when logged into the app,
> > >> and not by copying and pasting a link in an email that goes to
> > >> someone else
> > for them to open in any browser.
> > >>
> > >> I understand the user can simply download the PDF file and e-mail
> > >> it if he/she really wants to (I'm just trying to make it a little
> > >> more
> > difficult).
> > >>
> > >> I was thinking maybe there was a way to place the PDF files
> > >> somewhere in the Java application server since only Flex has
> > >> access there (a firewall blocks website visitors). Thought maybe
> > >> someone ran into this before and could help me see what's possible.
> > >>
> > >>
> > >
> >
> >
>
>
RE: access PDF doc from inside Flex app but not outside?
Posted by Maurice Amsellem <ma...@systar.com>.
The principle for FileReference.download() and navigateToUrl() are the same:
You call some URL that return some content.
In the case of download(), the returned content will be saved to some file
In the case of navigateToUrl() it will be displayed in the browser window indicated in the second argument ( _blank, _self, etc...).
The "download" is implicit when you access to the url, it does not necessarily mean there is a physical file behind.
The browser of the web app DOES NOT KNOW if it's a static file behind, or a servlet that dynamically generates a PDF.
It could even be a dynamic PDF file generated on-the-fly when you access the URL.
(this is for example what happens when you download your PDF phone or internet bill from your ISP).
Make sure to set properly the contentType in your servlet, so that it's recognized properly, that's all.
Is that clear enough ?
Maurice
-----Message d'origine-----
De : modjklist@comcast.net [mailto:modjklist@comcast.net]
Envoyé : dimanche 6 avril 2014 22:42
À : users@flex.apache.org
Objet : Re: access PDF doc from inside Flex app but not outside?
Hi Maurice, Yes I use Java middle tier, so Java servlet's are fine and can access files in WEB-INF directory. I'm guess I'm still missing how to download the file in the background and open it. Basically, how to execute this...
>The PDF is then download and displayed directly in the browser, when
>you access the link
The following command
_downloadFileRef.download(req,attachment.filename);
will open a window for the user to select a directory to download the file. But I shouldn't do that, since I just want the file to be in cache, so what would I use instead? That is, if I use navigateToURL( new URLRequest( ... ) ), then what is the variable inside URLRequest(), and where does it come from?
----- Original Message -----
From: "Maurice Amsellem" <ma...@systar.com>
To: users@flex.apache.org
Sent: Sunday, April 6, 2014 1:09:27 PM
Subject: RE: access PDF doc from inside Flex app but not outside?
Ok, so you are talking about the flex app itself.
But here, there is no need to write anything on the browser's side, so it's not an issue.
I am assuming the flex app is served by a web app server of any kind.
I need to know how is your app architected on the server's side:
Is it a static web app (which I doubt) or a dynamic web app (php, JEE) http://en.wikipedia.org/wiki/Application_server#Java_application_servers
If it's a JEE, then you can write servlets, and the web app server will be allowed to read in the WEB-INF directory, so that's where you will store your PDFs (in some sub-directory actually).
The PDF is then download and displayed directly in the browser, when you access the link , and not saved to disk until users asks to save it.
Does this make sense to you ?
Maurice
-----Message d'origine-----
De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé : dimanche 6 avril 2014 21:31 À : users@flex.apache.org Objet : Re: access PDF doc from inside Flex app but not outside?
Hi Maurice, it's a Flex app running in a Flash Player inside a browser. Desktop only (not mobile). I should clarify that technically the Flex app may be able to access the user's directories (at least from the discussion below that the Flex technologies permits this) but my business logic says the app is not allowed to access to a client's directories, networked printers, etc., so that customers can feel more secure about using the application. So I can only work with cache memory on the client's machine.
----- Original Message -----
From: "Maurice Amsellem" <ma...@systar.com>
To: users@flex.apache.org
Sent: Sunday, April 6, 2014 11:58:26 AM
Subject: RE: access PDF doc from inside Flex app but not outside?
Sorry Eugene, the question was for modjklist, as he was the one that said " My app isn't permitted to access a user's directory".
I wasn't sure whether he was talking about the flex app running in the browser not being permitted to access local user directory, or the web app server (ie. with servlets, etc) .
Maurice
-----Message d'origine-----
De : Eugene Ramirez [mailto:ramirez.eugene@gmail.com] Envoyé : dimanche 6 avril 2014 20:35 À : users@flex.apache.org Objet : Re: access PDF doc from inside Flex app but not outside?
It's a Flex app that runs using the Flash player inside a browser. When I created the Flex app the application type was set to Web. So it would be a Flex web app. Correct?
On Sun, Apr 6, 2014 at 11:19 AM, Maurice Amsellem < maurice.amsellem@systar.com> wrote:
> >My app isn't permitted to access a user's directory
> Do you mean the Flex app or the web app?
>
> Maurice
>
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> dimanche 6 avril 2014 19:40 À : users@flex.apache.org Objet : Re:
> access PDF doc from inside Flex app but not outside?
>
> Thanks for the info Eugene and Maurice, My app isn't permitted to
> access a user's directory. Can I simply download to cache memory, then
> load it into browser from there? User can then save to his/her hard
> drive from the browser if needed. If so, would the command be:
>
> navigateToURL(new URLRequest( _downloadFileRef ));
>
>
> ----- Original Message -----
>
> From: "Eugene Ramirez" <ra...@gmail.com>
> To: users@flex.apache.org
> Sent: Sunday, April 6, 2014 10:29:16 AM
> Subject: Re: access PDF doc from inside Flex app but not outside?
>
> navigateToURL will open in a new browser. The code I provided is for
> downloading a file to directory that the user specifies. So what you
> want to use navigateToURL as Maurice stated.
>
>
> On Sun, Apr 6, 2014 at 8:43 AM, Maurice Amsellem <
> maurice.amsellem@systar.com> wrote:
>
> > If you want to open the PDF in a new window, you can use an
> > alternate
> way:
> >
> > - create an URLRequest same way,
> > - then navigate to the url using navigateToURL( urlRequest,
> > "_blank");
> >
> > See:
> >
> > http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/f
> > la
> > sh/net/package.html#navigateToURL()
> >
> >
> >
> > -----Message d'origine-----
> > De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > dimanche 6 avril 2014 16:46 À : users@flex.apache.org Objet : Re:
> > access PDF doc from inside Flex app but not outside?
> >
> > Thanks so much Eugene,
> >
> > >The front end user never sees the actual filename of my file or
> > >where on
> > my server it is stored.
> >
> > Can you describe what the user does see in the client? That is, how
> > does he/she open the downloaded PDF file? Does the user need to go
> > to the Downloads folder to locate the file, then open it? Or, is
> > there another statement, perhaps in the function
> > downloadFileRef_complete, that opens the downloaded PDF file in a
> > new browser window (if so, what's the command and what shows in the
> > URL of that window)? It would help to see what's in
> > downloadFileRef_complete, and
> downloadFileRef_progress (if possible).
> >
> > ----- Original Message -----
> >
> > From: "Eugene Ramirez" <ra...@gmail.com>
> > To: users@flex.apache.org
> > Sent: Saturday, April 5, 2014 5:44:47 PM
> > Subject: Re: access PDF doc from inside Flex app but not outside?
> >
> > One more thing. The front end user sees a nice filename associated
> > to some id. On the server this id has a record that has the actual
> > disk filename that I'm going to retrieve. The front end user never
> > sees the actual filename of my file or where on my server it is stored.
> >
> > So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY
> >
> > On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez
> > <ramirez.eugene@gmail.com
> > >wrote:
> >
> > > I have files stored on the server which can either be inside a
> > > database or some other file the servlet has access but not under
> > > the public_html directory and while I'm using JBOSS the servlet is
> > > the one that returns the file the user has requested.
> > >
> > > The piece of code the servlet executes is:
> > >
> > > //find out the filename using some logic and checking if the user
> > > has access rights //once I have it I execute the following code:
> > >
> > > File file=new File(filename);
> > > if (file.exists()){
> > > resp.setContentType("application/x-download");
> > > resp.setHeader("Content-Disposition", "attachment; filename=" +
> > > clientFilenameToBeSavedAs); returnFile(filename,
> > > resp.getOutputStream()); }else{ //System.out.println("file DOES
> > > NOT exist:" + filename); //error handling goes here }
> > >
> > >
> > >
> > >
> > > returnFile method
> > >
> > > public static void returnFile(String filename, OutputStream out)
> > > throws FileNotFoundException, IOException { InputStream in = null;
> > > try { in = new BufferedInputStream(new FileInputStream(filename));
> > > byte[] buf = new byte[4 * 1024]; // 4K buffer int bytesRead; while
> > > ((bytesRead = in.read(buf)) != -1) { out.write(buf, 0, bytesRead);
> > > } } finally { if (in != null) in.close(); } }
> > >
> > >
> > >
> > > My FLEX code that will call the servlet method:
> > >
> > >
> > > private function startDownloadingFile(attachment:Attachment):void{
> > > if (_downloadFileRef==null) _downloadFileRef=new FileReference();
> > > var req:URLRequest=new URLRequest(SERVER_URL); var
> > > variables:URLVariables=new URLVariables();
> > > variables.command=DOWNLOAD_ATTACHMENT;
> > > variables.attachmentId=attachment.id;
> > > variables.sessionId=Params.getInstance().get("sessionId");
> > > req.data=variables;
> > > _downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
> > > downloadFileRef_progress);
> > > _downloadFileRef.addEventListener(Event.COMPLETE,
> > > downloadFileRef_complete);
> > > _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_can
> > > ce
> > > l)
> > > ;
> > > try{
> > > mx.managers.CursorManager.setBusyCursor();
> > > _downloadFileRef.download(req,attachment.filename);
> > > }catch(error:Error){
> > > mx.managers.CursorManager.removeBusyCursor();
> > > Alert.show("unable to download file","Error downloading file"); }
> > > }
> > >
> > >
> > > Note: My user has already been authenticated by the server and has
> > > a sessionId that is unique to the user. On the server I have this
> > > sessionId stored with a reference to the user. Anytime someone
> > > wants to download a file I check the sessionId and see if its:
> > > 1) Valid
> > > 2) The filename the user is trying to download has access to
> > > download the file
> > >
> > > The servlet goes and gets the file that is not in a public
> > > directory and sends it over.
> > >
> > > Others might have a different method of doing this but this works
> > > for
> me.
> > >
> > > Hopefully this helps.
> > > Ruben
> > >
> > >
> > >
> > > On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
> > > maurice.amsellem@systar.com> wrote:
> > >
> > >> >how does the servlet open the PDF in a new (client) browser
> > >> >window
> > >> It's not the servlet, it's the flex app that is responsible of
> > >> opening the new window.
> > >> The servlet will simply read the bytes of the PDF file and write
> > >> them to the output stream, as if it was a static file (that what
> > >> the http server does actually)
> > >>
> > >> > And when it does open the PDF in a new browser window, wouldn't
> > >> > the
> > >> full URL including token be shown in the browser (if so, someone
> > >> could copy this URL and e-mail to someone else to open it)?
> > >> The "security token" would be valid for the current user session only.
> > >> You could for example use the jsessionid as a key (or something
> > similar).
> > >> So if someone else that is not logged tries the same url, it will
> > >> not work.
> > >>
> > >> Maurice
> > >>
> > >> -----Message d'origine-----
> > >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > >> samedi 5 avril 2014 00:23 À : users@flex.apache.org Objet : Re:
> > >> access PDF doc from inside Flex app but not outside?
> > >>
> > >> I call a few Java servlets in my app using HTTPService(),
> > >> although my app is not contained in a JEE Web App as far as I know.
> > >>
> > >> Let me see if I follow... the servlet is called from within Flex
> > >> using a specific URL. I can append some text representing a
> > >> "security token" on that URL, which the servlet validates then ...
> > >> hmm, how does the servlet open the PDF in a new (client) browser
> > >> window (maybe you can refer me to a specific command I can
> > >> research to figure that
> > out)?
> > >>
> > >> And when it does open the PDF in a new browser window, wouldn't
> > >> the full URL including token be shown in the browser (if so,
> > >> someone could copy this URL and e-mail to someone else to open it)?
> > >>
> > >>
> > >> ----- Original Message -----
> > >>
> > >> From: "Maurice Amsellem" <ma...@systar.com>
> > >> To: users@flex.apache.org
> > >> Sent: Friday, April 4, 2014 3:05:50 PM
> > >> Subject: RE: access PDF doc from inside Flex app but not outside?
> > >>
> > >> Then the PDF files would be stored in the private area of the
> > >> web-app (under WEB-INF) , so they can't be accessed directly.
> > >>
> > >> There are probably variants of this, but I think you get the idea.
> > >>
> > >> -----Message d'origine-----
> > >> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
> > >> Envoyé : samedi 5 avril 2014 00:04 À : users@flex.apache.org
> > >> Objet
> > >> : RE: access PDF doc from inside Flex app but not outside?
> > >>
> > >> If your app is contained in a JEE Web App, you could probably
> > >> write a servlet to download the PDF securely, using a "security
> > >> token" or
> > something.
> > >> The Flex App would simply request the servlet through its url to
> > >> get the PDF, and pass it the security token.
> > >>
> > >> Makes sense ?
> > >>
> > >> Maurice
> > >>
> > >> -----Message d'origine-----
> > >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > >> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access
> > >> PDF doc from inside Flex app but not outside?
> > >>
> > >> I have a desktop Flex app that users register and login. I need
> > >> to provide these users access to technical documents in PDF format.
> > >> However, I don't want to put these docs in my server's
> > >> public_html directory because then any visitor can potentially
> > >> view them. Is there any way for the Flex app to open these PDF
> > >> files in a new browser window, while preventing their access by website visitors?
> > >> That is, the files can only be opened when logged into the app,
> > >> and not by copying and pasting a link in an email that goes to
> > >> someone else
> > for them to open in any browser.
> > >>
> > >> I understand the user can simply download the PDF file and e-mail
> > >> it if he/she really wants to (I'm just trying to make it a little
> > >> more
> > difficult).
> > >>
> > >> I was thinking maybe there was a way to place the PDF files
> > >> somewhere in the Java application server since only Flex has
> > >> access there (a firewall blocks website visitors). Thought maybe
> > >> someone ran into this before and could help me see what's possible.
> > >>
> > >>
> > >
> >
> >
>
>
Re: access PDF doc from inside Flex app but not outside?
Posted by mo...@comcast.net.
Hi Maurice, Yes I use Java middle tier, so Java servlet's are fine and can access files in WEB-INF directory. I'm guess I'm still missing how to download the file in the background and open it. Basically, how to execute this...
>The PDF is then download and displayed directly in the browser, when you access the link
The following command
_downloadFileRef.download(req,attachment.filename);
will open a window for the user to select a directory to download the file. But I shouldn't do that, since I just want the file to be in cache, so what would I use instead? That is, if I use navigateToURL( new URLRequest( ... ) ), then what is the variable inside URLRequest(), and where does it come from?
----- Original Message -----
From: "Maurice Amsellem" <ma...@systar.com>
To: users@flex.apache.org
Sent: Sunday, April 6, 2014 1:09:27 PM
Subject: RE: access PDF doc from inside Flex app but not outside?
Ok, so you are talking about the flex app itself.
But here, there is no need to write anything on the browser's side, so it's not an issue.
I am assuming the flex app is served by a web app server of any kind.
I need to know how is your app architected on the server's side:
Is it a static web app (which I doubt) or a dynamic web app (php, JEE)
http://en.wikipedia.org/wiki/Application_server#Java_application_servers
If it's a JEE, then you can write servlets, and the web app server will be allowed to read in the WEB-INF directory,
so that's where you will store your PDFs (in some sub-directory actually).
The PDF is then download and displayed directly in the browser, when you access the link , and not saved to disk until users asks to save it.
Does this make sense to you ?
Maurice
-----Message d'origine-----
De : modjklist@comcast.net [mailto:modjklist@comcast.net]
Envoyé : dimanche 6 avril 2014 21:31
À : users@flex.apache.org
Objet : Re: access PDF doc from inside Flex app but not outside?
Hi Maurice, it's a Flex app running in a Flash Player inside a browser. Desktop only (not mobile). I should clarify that technically the Flex app may be able to access the user's directories (at least from the discussion below that the Flex technologies permits this) but my business logic says the app is not allowed to access to a client's directories, networked printers, etc., so that customers can feel more secure about using the application. So I can only work with cache memory on the client's machine.
----- Original Message -----
From: "Maurice Amsellem" <ma...@systar.com>
To: users@flex.apache.org
Sent: Sunday, April 6, 2014 11:58:26 AM
Subject: RE: access PDF doc from inside Flex app but not outside?
Sorry Eugene, the question was for modjklist, as he was the one that said " My app isn't permitted to access a user's directory".
I wasn't sure whether he was talking about the flex app running in the browser not being permitted to access local user directory, or the web app server (ie. with servlets, etc) .
Maurice
-----Message d'origine-----
De : Eugene Ramirez [mailto:ramirez.eugene@gmail.com] Envoyé : dimanche 6 avril 2014 20:35 À : users@flex.apache.org Objet : Re: access PDF doc from inside Flex app but not outside?
It's a Flex app that runs using the Flash player inside a browser. When I created the Flex app the application type was set to Web. So it would be a Flex web app. Correct?
On Sun, Apr 6, 2014 at 11:19 AM, Maurice Amsellem < maurice.amsellem@systar.com> wrote:
> >My app isn't permitted to access a user's directory
> Do you mean the Flex app or the web app?
>
> Maurice
>
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> dimanche 6 avril 2014 19:40 À : users@flex.apache.org Objet : Re:
> access PDF doc from inside Flex app but not outside?
>
> Thanks for the info Eugene and Maurice, My app isn't permitted to
> access a user's directory. Can I simply download to cache memory, then
> load it into browser from there? User can then save to his/her hard
> drive from the browser if needed. If so, would the command be:
>
> navigateToURL(new URLRequest( _downloadFileRef ));
>
>
> ----- Original Message -----
>
> From: "Eugene Ramirez" <ra...@gmail.com>
> To: users@flex.apache.org
> Sent: Sunday, April 6, 2014 10:29:16 AM
> Subject: Re: access PDF doc from inside Flex app but not outside?
>
> navigateToURL will open in a new browser. The code I provided is for
> downloading a file to directory that the user specifies. So what you
> want to use navigateToURL as Maurice stated.
>
>
> On Sun, Apr 6, 2014 at 8:43 AM, Maurice Amsellem <
> maurice.amsellem@systar.com> wrote:
>
> > If you want to open the PDF in a new window, you can use an
> > alternate
> way:
> >
> > - create an URLRequest same way,
> > - then navigate to the url using navigateToURL( urlRequest,
> > "_blank");
> >
> > See:
> >
> > http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/f
> > la
> > sh/net/package.html#navigateToURL()
> >
> >
> >
> > -----Message d'origine-----
> > De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > dimanche 6 avril 2014 16:46 À : users@flex.apache.org Objet : Re:
> > access PDF doc from inside Flex app but not outside?
> >
> > Thanks so much Eugene,
> >
> > >The front end user never sees the actual filename of my file or
> > >where on
> > my server it is stored.
> >
> > Can you describe what the user does see in the client? That is, how
> > does he/she open the downloaded PDF file? Does the user need to go
> > to the Downloads folder to locate the file, then open it? Or, is
> > there another statement, perhaps in the function
> > downloadFileRef_complete, that opens the downloaded PDF file in a
> > new browser window (if so, what's the command and what shows in the
> > URL of that window)? It would help to see what's in
> > downloadFileRef_complete, and
> downloadFileRef_progress (if possible).
> >
> > ----- Original Message -----
> >
> > From: "Eugene Ramirez" <ra...@gmail.com>
> > To: users@flex.apache.org
> > Sent: Saturday, April 5, 2014 5:44:47 PM
> > Subject: Re: access PDF doc from inside Flex app but not outside?
> >
> > One more thing. The front end user sees a nice filename associated
> > to some id. On the server this id has a record that has the actual
> > disk filename that I'm going to retrieve. The front end user never
> > sees the actual filename of my file or where on my server it is stored.
> >
> > So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY
> >
> > On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez
> > <ramirez.eugene@gmail.com
> > >wrote:
> >
> > > I have files stored on the server which can either be inside a
> > > database or some other file the servlet has access but not under
> > > the public_html directory and while I'm using JBOSS the servlet is
> > > the one that returns the file the user has requested.
> > >
> > > The piece of code the servlet executes is:
> > >
> > > //find out the filename using some logic and checking if the user
> > > has access rights //once I have it I execute the following code:
> > >
> > > File file=new File(filename);
> > > if (file.exists()){
> > > resp.setContentType("application/x-download");
> > > resp.setHeader("Content-Disposition", "attachment; filename=" +
> > > clientFilenameToBeSavedAs); returnFile(filename,
> > > resp.getOutputStream()); }else{ //System.out.println("file DOES
> > > NOT exist:" + filename); //error handling goes here }
> > >
> > >
> > >
> > >
> > > returnFile method
> > >
> > > public static void returnFile(String filename, OutputStream out)
> > > throws FileNotFoundException, IOException { InputStream in = null;
> > > try { in = new BufferedInputStream(new FileInputStream(filename));
> > > byte[] buf = new byte[4 * 1024]; // 4K buffer int bytesRead; while
> > > ((bytesRead = in.read(buf)) != -1) { out.write(buf, 0, bytesRead);
> > > } } finally { if (in != null) in.close(); } }
> > >
> > >
> > >
> > > My FLEX code that will call the servlet method:
> > >
> > >
> > > private function startDownloadingFile(attachment:Attachment):void{
> > > if (_downloadFileRef==null) _downloadFileRef=new FileReference();
> > > var req:URLRequest=new URLRequest(SERVER_URL); var
> > > variables:URLVariables=new URLVariables();
> > > variables.command=DOWNLOAD_ATTACHMENT;
> > > variables.attachmentId=attachment.id;
> > > variables.sessionId=Params.getInstance().get("sessionId");
> > > req.data=variables;
> > > _downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
> > > downloadFileRef_progress);
> > > _downloadFileRef.addEventListener(Event.COMPLETE,
> > > downloadFileRef_complete);
> > > _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_can
> > > ce
> > > l)
> > > ;
> > > try{
> > > mx.managers.CursorManager.setBusyCursor();
> > > _downloadFileRef.download(req,attachment.filename);
> > > }catch(error:Error){
> > > mx.managers.CursorManager.removeBusyCursor();
> > > Alert.show("unable to download file","Error downloading file"); }
> > > }
> > >
> > >
> > > Note: My user has already been authenticated by the server and has
> > > a sessionId that is unique to the user. On the server I have this
> > > sessionId stored with a reference to the user. Anytime someone
> > > wants to download a file I check the sessionId and see if its:
> > > 1) Valid
> > > 2) The filename the user is trying to download has access to
> > > download the file
> > >
> > > The servlet goes and gets the file that is not in a public
> > > directory and sends it over.
> > >
> > > Others might have a different method of doing this but this works
> > > for
> me.
> > >
> > > Hopefully this helps.
> > > Ruben
> > >
> > >
> > >
> > > On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
> > > maurice.amsellem@systar.com> wrote:
> > >
> > >> >how does the servlet open the PDF in a new (client) browser
> > >> >window
> > >> It's not the servlet, it's the flex app that is responsible of
> > >> opening the new window.
> > >> The servlet will simply read the bytes of the PDF file and write
> > >> them to the output stream, as if it was a static file (that what
> > >> the http server does actually)
> > >>
> > >> > And when it does open the PDF in a new browser window, wouldn't
> > >> > the
> > >> full URL including token be shown in the browser (if so, someone
> > >> could copy this URL and e-mail to someone else to open it)?
> > >> The "security token" would be valid for the current user session only.
> > >> You could for example use the jsessionid as a key (or something
> > similar).
> > >> So if someone else that is not logged tries the same url, it will
> > >> not work.
> > >>
> > >> Maurice
> > >>
> > >> -----Message d'origine-----
> > >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > >> samedi 5 avril 2014 00:23 À : users@flex.apache.org Objet : Re:
> > >> access PDF doc from inside Flex app but not outside?
> > >>
> > >> I call a few Java servlets in my app using HTTPService(),
> > >> although my app is not contained in a JEE Web App as far as I know.
> > >>
> > >> Let me see if I follow... the servlet is called from within Flex
> > >> using a specific URL. I can append some text representing a
> > >> "security token" on that URL, which the servlet validates then ...
> > >> hmm, how does the servlet open the PDF in a new (client) browser
> > >> window (maybe you can refer me to a specific command I can
> > >> research to figure that
> > out)?
> > >>
> > >> And when it does open the PDF in a new browser window, wouldn't
> > >> the full URL including token be shown in the browser (if so,
> > >> someone could copy this URL and e-mail to someone else to open it)?
> > >>
> > >>
> > >> ----- Original Message -----
> > >>
> > >> From: "Maurice Amsellem" <ma...@systar.com>
> > >> To: users@flex.apache.org
> > >> Sent: Friday, April 4, 2014 3:05:50 PM
> > >> Subject: RE: access PDF doc from inside Flex app but not outside?
> > >>
> > >> Then the PDF files would be stored in the private area of the
> > >> web-app (under WEB-INF) , so they can't be accessed directly.
> > >>
> > >> There are probably variants of this, but I think you get the idea.
> > >>
> > >> -----Message d'origine-----
> > >> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
> > >> Envoyé : samedi 5 avril 2014 00:04 À : users@flex.apache.org
> > >> Objet
> > >> : RE: access PDF doc from inside Flex app but not outside?
> > >>
> > >> If your app is contained in a JEE Web App, you could probably
> > >> write a servlet to download the PDF securely, using a "security
> > >> token" or
> > something.
> > >> The Flex App would simply request the servlet through its url to
> > >> get the PDF, and pass it the security token.
> > >>
> > >> Makes sense ?
> > >>
> > >> Maurice
> > >>
> > >> -----Message d'origine-----
> > >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > >> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access
> > >> PDF doc from inside Flex app but not outside?
> > >>
> > >> I have a desktop Flex app that users register and login. I need
> > >> to provide these users access to technical documents in PDF format.
> > >> However, I don't want to put these docs in my server's
> > >> public_html directory because then any visitor can potentially
> > >> view them. Is there any way for the Flex app to open these PDF
> > >> files in a new browser window, while preventing their access by website visitors?
> > >> That is, the files can only be opened when logged into the app,
> > >> and not by copying and pasting a link in an email that goes to
> > >> someone else
> > for them to open in any browser.
> > >>
> > >> I understand the user can simply download the PDF file and e-mail
> > >> it if he/she really wants to (I'm just trying to make it a little
> > >> more
> > difficult).
> > >>
> > >> I was thinking maybe there was a way to place the PDF files
> > >> somewhere in the Java application server since only Flex has
> > >> access there (a firewall blocks website visitors). Thought maybe
> > >> someone ran into this before and could help me see what's possible.
> > >>
> > >>
> > >
> >
> >
>
>
RE: access PDF doc from inside Flex app but not outside?
Posted by Maurice Amsellem <ma...@systar.com>.
Ok, so you are talking about the flex app itself.
But here, there is no need to write anything on the browser's side, so it's not an issue.
I am assuming the flex app is served by a web app server of any kind.
I need to know how is your app architected on the server's side:
Is it a static web app (which I doubt) or a dynamic web app (php, JEE)
http://en.wikipedia.org/wiki/Application_server#Java_application_servers
If it's a JEE, then you can write servlets, and the web app server will be allowed to read in the WEB-INF directory,
so that's where you will store your PDFs (in some sub-directory actually).
The PDF is then download and displayed directly in the browser, when you access the link , and not saved to disk until users asks to save it.
Does this make sense to you ?
Maurice
-----Message d'origine-----
De : modjklist@comcast.net [mailto:modjklist@comcast.net]
Envoyé : dimanche 6 avril 2014 21:31
À : users@flex.apache.org
Objet : Re: access PDF doc from inside Flex app but not outside?
Hi Maurice, it's a Flex app running in a Flash Player inside a browser. Desktop only (not mobile). I should clarify that technically the Flex app may be able to access the user's directories (at least from the discussion below that the Flex technologies permits this) but my business logic says the app is not allowed to access to a client's directories, networked printers, etc., so that customers can feel more secure about using the application. So I can only work with cache memory on the client's machine.
----- Original Message -----
From: "Maurice Amsellem" <ma...@systar.com>
To: users@flex.apache.org
Sent: Sunday, April 6, 2014 11:58:26 AM
Subject: RE: access PDF doc from inside Flex app but not outside?
Sorry Eugene, the question was for modjklist, as he was the one that said " My app isn't permitted to access a user's directory".
I wasn't sure whether he was talking about the flex app running in the browser not being permitted to access local user directory, or the web app server (ie. with servlets, etc) .
Maurice
-----Message d'origine-----
De : Eugene Ramirez [mailto:ramirez.eugene@gmail.com] Envoyé : dimanche 6 avril 2014 20:35 À : users@flex.apache.org Objet : Re: access PDF doc from inside Flex app but not outside?
It's a Flex app that runs using the Flash player inside a browser. When I created the Flex app the application type was set to Web. So it would be a Flex web app. Correct?
On Sun, Apr 6, 2014 at 11:19 AM, Maurice Amsellem < maurice.amsellem@systar.com> wrote:
> >My app isn't permitted to access a user's directory
> Do you mean the Flex app or the web app?
>
> Maurice
>
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> dimanche 6 avril 2014 19:40 À : users@flex.apache.org Objet : Re:
> access PDF doc from inside Flex app but not outside?
>
> Thanks for the info Eugene and Maurice, My app isn't permitted to
> access a user's directory. Can I simply download to cache memory, then
> load it into browser from there? User can then save to his/her hard
> drive from the browser if needed. If so, would the command be:
>
> navigateToURL(new URLRequest( _downloadFileRef ));
>
>
> ----- Original Message -----
>
> From: "Eugene Ramirez" <ra...@gmail.com>
> To: users@flex.apache.org
> Sent: Sunday, April 6, 2014 10:29:16 AM
> Subject: Re: access PDF doc from inside Flex app but not outside?
>
> navigateToURL will open in a new browser. The code I provided is for
> downloading a file to directory that the user specifies. So what you
> want to use navigateToURL as Maurice stated.
>
>
> On Sun, Apr 6, 2014 at 8:43 AM, Maurice Amsellem <
> maurice.amsellem@systar.com> wrote:
>
> > If you want to open the PDF in a new window, you can use an
> > alternate
> way:
> >
> > - create an URLRequest same way,
> > - then navigate to the url using navigateToURL( urlRequest,
> > "_blank");
> >
> > See:
> >
> > http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/f
> > la
> > sh/net/package.html#navigateToURL()
> >
> >
> >
> > -----Message d'origine-----
> > De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > dimanche 6 avril 2014 16:46 À : users@flex.apache.org Objet : Re:
> > access PDF doc from inside Flex app but not outside?
> >
> > Thanks so much Eugene,
> >
> > >The front end user never sees the actual filename of my file or
> > >where on
> > my server it is stored.
> >
> > Can you describe what the user does see in the client? That is, how
> > does he/she open the downloaded PDF file? Does the user need to go
> > to the Downloads folder to locate the file, then open it? Or, is
> > there another statement, perhaps in the function
> > downloadFileRef_complete, that opens the downloaded PDF file in a
> > new browser window (if so, what's the command and what shows in the
> > URL of that window)? It would help to see what's in
> > downloadFileRef_complete, and
> downloadFileRef_progress (if possible).
> >
> > ----- Original Message -----
> >
> > From: "Eugene Ramirez" <ra...@gmail.com>
> > To: users@flex.apache.org
> > Sent: Saturday, April 5, 2014 5:44:47 PM
> > Subject: Re: access PDF doc from inside Flex app but not outside?
> >
> > One more thing. The front end user sees a nice filename associated
> > to some id. On the server this id has a record that has the actual
> > disk filename that I'm going to retrieve. The front end user never
> > sees the actual filename of my file or where on my server it is stored.
> >
> > So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY
> >
> > On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez
> > <ramirez.eugene@gmail.com
> > >wrote:
> >
> > > I have files stored on the server which can either be inside a
> > > database or some other file the servlet has access but not under
> > > the public_html directory and while I'm using JBOSS the servlet is
> > > the one that returns the file the user has requested.
> > >
> > > The piece of code the servlet executes is:
> > >
> > > //find out the filename using some logic and checking if the user
> > > has access rights //once I have it I execute the following code:
> > >
> > > File file=new File(filename);
> > > if (file.exists()){
> > > resp.setContentType("application/x-download");
> > > resp.setHeader("Content-Disposition", "attachment; filename=" +
> > > clientFilenameToBeSavedAs); returnFile(filename,
> > > resp.getOutputStream()); }else{ //System.out.println("file DOES
> > > NOT exist:" + filename); //error handling goes here }
> > >
> > >
> > >
> > >
> > > returnFile method
> > >
> > > public static void returnFile(String filename, OutputStream out)
> > > throws FileNotFoundException, IOException { InputStream in = null;
> > > try { in = new BufferedInputStream(new FileInputStream(filename));
> > > byte[] buf = new byte[4 * 1024]; // 4K buffer int bytesRead; while
> > > ((bytesRead = in.read(buf)) != -1) { out.write(buf, 0, bytesRead);
> > > } } finally { if (in != null) in.close(); } }
> > >
> > >
> > >
> > > My FLEX code that will call the servlet method:
> > >
> > >
> > > private function startDownloadingFile(attachment:Attachment):void{
> > > if (_downloadFileRef==null) _downloadFileRef=new FileReference();
> > > var req:URLRequest=new URLRequest(SERVER_URL); var
> > > variables:URLVariables=new URLVariables();
> > > variables.command=DOWNLOAD_ATTACHMENT;
> > > variables.attachmentId=attachment.id;
> > > variables.sessionId=Params.getInstance().get("sessionId");
> > > req.data=variables;
> > > _downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
> > > downloadFileRef_progress);
> > > _downloadFileRef.addEventListener(Event.COMPLETE,
> > > downloadFileRef_complete);
> > > _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_can
> > > ce
> > > l)
> > > ;
> > > try{
> > > mx.managers.CursorManager.setBusyCursor();
> > > _downloadFileRef.download(req,attachment.filename);
> > > }catch(error:Error){
> > > mx.managers.CursorManager.removeBusyCursor();
> > > Alert.show("unable to download file","Error downloading file"); }
> > > }
> > >
> > >
> > > Note: My user has already been authenticated by the server and has
> > > a sessionId that is unique to the user. On the server I have this
> > > sessionId stored with a reference to the user. Anytime someone
> > > wants to download a file I check the sessionId and see if its:
> > > 1) Valid
> > > 2) The filename the user is trying to download has access to
> > > download the file
> > >
> > > The servlet goes and gets the file that is not in a public
> > > directory and sends it over.
> > >
> > > Others might have a different method of doing this but this works
> > > for
> me.
> > >
> > > Hopefully this helps.
> > > Ruben
> > >
> > >
> > >
> > > On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
> > > maurice.amsellem@systar.com> wrote:
> > >
> > >> >how does the servlet open the PDF in a new (client) browser
> > >> >window
> > >> It's not the servlet, it's the flex app that is responsible of
> > >> opening the new window.
> > >> The servlet will simply read the bytes of the PDF file and write
> > >> them to the output stream, as if it was a static file (that what
> > >> the http server does actually)
> > >>
> > >> > And when it does open the PDF in a new browser window, wouldn't
> > >> > the
> > >> full URL including token be shown in the browser (if so, someone
> > >> could copy this URL and e-mail to someone else to open it)?
> > >> The "security token" would be valid for the current user session only.
> > >> You could for example use the jsessionid as a key (or something
> > similar).
> > >> So if someone else that is not logged tries the same url, it will
> > >> not work.
> > >>
> > >> Maurice
> > >>
> > >> -----Message d'origine-----
> > >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > >> samedi 5 avril 2014 00:23 À : users@flex.apache.org Objet : Re:
> > >> access PDF doc from inside Flex app but not outside?
> > >>
> > >> I call a few Java servlets in my app using HTTPService(),
> > >> although my app is not contained in a JEE Web App as far as I know.
> > >>
> > >> Let me see if I follow... the servlet is called from within Flex
> > >> using a specific URL. I can append some text representing a
> > >> "security token" on that URL, which the servlet validates then ...
> > >> hmm, how does the servlet open the PDF in a new (client) browser
> > >> window (maybe you can refer me to a specific command I can
> > >> research to figure that
> > out)?
> > >>
> > >> And when it does open the PDF in a new browser window, wouldn't
> > >> the full URL including token be shown in the browser (if so,
> > >> someone could copy this URL and e-mail to someone else to open it)?
> > >>
> > >>
> > >> ----- Original Message -----
> > >>
> > >> From: "Maurice Amsellem" <ma...@systar.com>
> > >> To: users@flex.apache.org
> > >> Sent: Friday, April 4, 2014 3:05:50 PM
> > >> Subject: RE: access PDF doc from inside Flex app but not outside?
> > >>
> > >> Then the PDF files would be stored in the private area of the
> > >> web-app (under WEB-INF) , so they can't be accessed directly.
> > >>
> > >> There are probably variants of this, but I think you get the idea.
> > >>
> > >> -----Message d'origine-----
> > >> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
> > >> Envoyé : samedi 5 avril 2014 00:04 À : users@flex.apache.org
> > >> Objet
> > >> : RE: access PDF doc from inside Flex app but not outside?
> > >>
> > >> If your app is contained in a JEE Web App, you could probably
> > >> write a servlet to download the PDF securely, using a "security
> > >> token" or
> > something.
> > >> The Flex App would simply request the servlet through its url to
> > >> get the PDF, and pass it the security token.
> > >>
> > >> Makes sense ?
> > >>
> > >> Maurice
> > >>
> > >> -----Message d'origine-----
> > >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > >> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access
> > >> PDF doc from inside Flex app but not outside?
> > >>
> > >> I have a desktop Flex app that users register and login. I need
> > >> to provide these users access to technical documents in PDF format.
> > >> However, I don't want to put these docs in my server's
> > >> public_html directory because then any visitor can potentially
> > >> view them. Is there any way for the Flex app to open these PDF
> > >> files in a new browser window, while preventing their access by website visitors?
> > >> That is, the files can only be opened when logged into the app,
> > >> and not by copying and pasting a link in an email that goes to
> > >> someone else
> > for them to open in any browser.
> > >>
> > >> I understand the user can simply download the PDF file and e-mail
> > >> it if he/she really wants to (I'm just trying to make it a little
> > >> more
> > difficult).
> > >>
> > >> I was thinking maybe there was a way to place the PDF files
> > >> somewhere in the Java application server since only Flex has
> > >> access there (a firewall blocks website visitors). Thought maybe
> > >> someone ran into this before and could help me see what's possible.
> > >>
> > >>
> > >
> >
> >
>
>
Re: access PDF doc from inside Flex app but not outside?
Posted by mo...@comcast.net.
Hi Maurice, it's a Flex app running in a Flash Player inside a browser. Desktop only (not mobile). I should clarify that technically the Flex app may be able to access the user's directories (at least from the discussion below that the Flex technologies permits this) but my business logic says the app is not allowed to access to a client's directories, networked printers, etc., so that customers can feel more secure about using the application. So I can only work with cache memory on the client's machine.
----- Original Message -----
From: "Maurice Amsellem" <ma...@systar.com>
To: users@flex.apache.org
Sent: Sunday, April 6, 2014 11:58:26 AM
Subject: RE: access PDF doc from inside Flex app but not outside?
Sorry Eugene, the question was for modjklist, as he was the one that said " My app isn't permitted to access a user's directory".
I wasn't sure whether he was talking about the flex app running in the browser not being permitted to access local user directory, or the web app server (ie. with servlets, etc) .
Maurice
-----Message d'origine-----
De : Eugene Ramirez [mailto:ramirez.eugene@gmail.com]
Envoyé : dimanche 6 avril 2014 20:35
À : users@flex.apache.org
Objet : Re: access PDF doc from inside Flex app but not outside?
It's a Flex app that runs using the Flash player inside a browser. When I created the Flex app the application type was set to Web. So it would be a Flex web app. Correct?
On Sun, Apr 6, 2014 at 11:19 AM, Maurice Amsellem < maurice.amsellem@systar.com> wrote:
> >My app isn't permitted to access a user's directory
> Do you mean the Flex app or the web app?
>
> Maurice
>
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> dimanche 6 avril 2014 19:40 À : users@flex.apache.org Objet : Re:
> access PDF doc from inside Flex app but not outside?
>
> Thanks for the info Eugene and Maurice, My app isn't permitted to
> access a user's directory. Can I simply download to cache memory, then
> load it into browser from there? User can then save to his/her hard
> drive from the browser if needed. If so, would the command be:
>
> navigateToURL(new URLRequest( _downloadFileRef ));
>
>
> ----- Original Message -----
>
> From: "Eugene Ramirez" <ra...@gmail.com>
> To: users@flex.apache.org
> Sent: Sunday, April 6, 2014 10:29:16 AM
> Subject: Re: access PDF doc from inside Flex app but not outside?
>
> navigateToURL will open in a new browser. The code I provided is for
> downloading a file to directory that the user specifies. So what you
> want to use navigateToURL as Maurice stated.
>
>
> On Sun, Apr 6, 2014 at 8:43 AM, Maurice Amsellem <
> maurice.amsellem@systar.com> wrote:
>
> > If you want to open the PDF in a new window, you can use an
> > alternate
> way:
> >
> > - create an URLRequest same way,
> > - then navigate to the url using navigateToURL( urlRequest,
> > "_blank");
> >
> > See:
> >
> > http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/f
> > la
> > sh/net/package.html#navigateToURL()
> >
> >
> >
> > -----Message d'origine-----
> > De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > dimanche 6 avril 2014 16:46 À : users@flex.apache.org Objet : Re:
> > access PDF doc from inside Flex app but not outside?
> >
> > Thanks so much Eugene,
> >
> > >The front end user never sees the actual filename of my file or
> > >where on
> > my server it is stored.
> >
> > Can you describe what the user does see in the client? That is, how
> > does he/she open the downloaded PDF file? Does the user need to go
> > to the Downloads folder to locate the file, then open it? Or, is
> > there another statement, perhaps in the function
> > downloadFileRef_complete, that opens the downloaded PDF file in a
> > new browser window (if so, what's the command and what shows in the
> > URL of that window)? It would help to see what's in
> > downloadFileRef_complete, and
> downloadFileRef_progress (if possible).
> >
> > ----- Original Message -----
> >
> > From: "Eugene Ramirez" <ra...@gmail.com>
> > To: users@flex.apache.org
> > Sent: Saturday, April 5, 2014 5:44:47 PM
> > Subject: Re: access PDF doc from inside Flex app but not outside?
> >
> > One more thing. The front end user sees a nice filename associated
> > to some id. On the server this id has a record that has the actual
> > disk filename that I'm going to retrieve. The front end user never
> > sees the actual filename of my file or where on my server it is stored.
> >
> > So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY
> >
> > On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez
> > <ramirez.eugene@gmail.com
> > >wrote:
> >
> > > I have files stored on the server which can either be inside a
> > > database or some other file the servlet has access but not under
> > > the public_html directory and while I'm using JBOSS the servlet is
> > > the one that returns the file the user has requested.
> > >
> > > The piece of code the servlet executes is:
> > >
> > > //find out the filename using some logic and checking if the user
> > > has access rights //once I have it I execute the following code:
> > >
> > > File file=new File(filename);
> > > if (file.exists()){
> > > resp.setContentType("application/x-download");
> > > resp.setHeader("Content-Disposition", "attachment; filename=" +
> > > clientFilenameToBeSavedAs); returnFile(filename,
> > > resp.getOutputStream()); }else{ //System.out.println("file DOES
> > > NOT exist:" + filename); //error handling goes here }
> > >
> > >
> > >
> > >
> > > returnFile method
> > >
> > > public static void returnFile(String filename, OutputStream out)
> > > throws FileNotFoundException, IOException { InputStream in = null;
> > > try { in = new BufferedInputStream(new FileInputStream(filename));
> > > byte[] buf = new byte[4 * 1024]; // 4K buffer int bytesRead; while
> > > ((bytesRead = in.read(buf)) != -1) { out.write(buf, 0, bytesRead);
> > > } } finally { if (in != null) in.close(); } }
> > >
> > >
> > >
> > > My FLEX code that will call the servlet method:
> > >
> > >
> > > private function startDownloadingFile(attachment:Attachment):void{
> > > if (_downloadFileRef==null) _downloadFileRef=new FileReference();
> > > var req:URLRequest=new URLRequest(SERVER_URL); var
> > > variables:URLVariables=new URLVariables();
> > > variables.command=DOWNLOAD_ATTACHMENT;
> > > variables.attachmentId=attachment.id;
> > > variables.sessionId=Params.getInstance().get("sessionId");
> > > req.data=variables;
> > > _downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
> > > downloadFileRef_progress);
> > > _downloadFileRef.addEventListener(Event.COMPLETE,
> > > downloadFileRef_complete);
> > > _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_can
> > > ce
> > > l)
> > > ;
> > > try{
> > > mx.managers.CursorManager.setBusyCursor();
> > > _downloadFileRef.download(req,attachment.filename);
> > > }catch(error:Error){
> > > mx.managers.CursorManager.removeBusyCursor();
> > > Alert.show("unable to download file","Error downloading file"); }
> > > }
> > >
> > >
> > > Note: My user has already been authenticated by the server and has
> > > a sessionId that is unique to the user. On the server I have this
> > > sessionId stored with a reference to the user. Anytime someone
> > > wants to download a file I check the sessionId and see if its:
> > > 1) Valid
> > > 2) The filename the user is trying to download has access to
> > > download the file
> > >
> > > The servlet goes and gets the file that is not in a public
> > > directory and sends it over.
> > >
> > > Others might have a different method of doing this but this works
> > > for
> me.
> > >
> > > Hopefully this helps.
> > > Ruben
> > >
> > >
> > >
> > > On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
> > > maurice.amsellem@systar.com> wrote:
> > >
> > >> >how does the servlet open the PDF in a new (client) browser
> > >> >window
> > >> It's not the servlet, it's the flex app that is responsible of
> > >> opening the new window.
> > >> The servlet will simply read the bytes of the PDF file and write
> > >> them to the output stream, as if it was a static file (that what
> > >> the http server does actually)
> > >>
> > >> > And when it does open the PDF in a new browser window, wouldn't
> > >> > the
> > >> full URL including token be shown in the browser (if so, someone
> > >> could copy this URL and e-mail to someone else to open it)?
> > >> The "security token" would be valid for the current user session only.
> > >> You could for example use the jsessionid as a key (or something
> > similar).
> > >> So if someone else that is not logged tries the same url, it will
> > >> not work.
> > >>
> > >> Maurice
> > >>
> > >> -----Message d'origine-----
> > >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > >> samedi 5 avril 2014 00:23 À : users@flex.apache.org Objet : Re:
> > >> access PDF doc from inside Flex app but not outside?
> > >>
> > >> I call a few Java servlets in my app using HTTPService(),
> > >> although my app is not contained in a JEE Web App as far as I know.
> > >>
> > >> Let me see if I follow... the servlet is called from within Flex
> > >> using a specific URL. I can append some text representing a
> > >> "security token" on that URL, which the servlet validates then ...
> > >> hmm, how does the servlet open the PDF in a new (client) browser
> > >> window (maybe you can refer me to a specific command I can
> > >> research to figure that
> > out)?
> > >>
> > >> And when it does open the PDF in a new browser window, wouldn't
> > >> the full URL including token be shown in the browser (if so,
> > >> someone could copy this URL and e-mail to someone else to open it)?
> > >>
> > >>
> > >> ----- Original Message -----
> > >>
> > >> From: "Maurice Amsellem" <ma...@systar.com>
> > >> To: users@flex.apache.org
> > >> Sent: Friday, April 4, 2014 3:05:50 PM
> > >> Subject: RE: access PDF doc from inside Flex app but not outside?
> > >>
> > >> Then the PDF files would be stored in the private area of the
> > >> web-app (under WEB-INF) , so they can't be accessed directly.
> > >>
> > >> There are probably variants of this, but I think you get the idea.
> > >>
> > >> -----Message d'origine-----
> > >> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
> > >> Envoyé : samedi 5 avril 2014 00:04 À : users@flex.apache.org
> > >> Objet
> > >> : RE: access PDF doc from inside Flex app but not outside?
> > >>
> > >> If your app is contained in a JEE Web App, you could probably
> > >> write a servlet to download the PDF securely, using a "security
> > >> token" or
> > something.
> > >> The Flex App would simply request the servlet through its url to
> > >> get the PDF, and pass it the security token.
> > >>
> > >> Makes sense ?
> > >>
> > >> Maurice
> > >>
> > >> -----Message d'origine-----
> > >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > >> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access
> > >> PDF doc from inside Flex app but not outside?
> > >>
> > >> I have a desktop Flex app that users register and login. I need
> > >> to provide these users access to technical documents in PDF format.
> > >> However, I don't want to put these docs in my server's
> > >> public_html directory because then any visitor can potentially
> > >> view them. Is there any way for the Flex app to open these PDF
> > >> files in a new browser window, while preventing their access by website visitors?
> > >> That is, the files can only be opened when logged into the app,
> > >> and not by copying and pasting a link in an email that goes to
> > >> someone else
> > for them to open in any browser.
> > >>
> > >> I understand the user can simply download the PDF file and e-mail
> > >> it if he/she really wants to (I'm just trying to make it a little
> > >> more
> > difficult).
> > >>
> > >> I was thinking maybe there was a way to place the PDF files
> > >> somewhere in the Java application server since only Flex has
> > >> access there (a firewall blocks website visitors). Thought maybe
> > >> someone ran into this before and could help me see what's possible.
> > >>
> > >>
> > >
> >
> >
>
>
RE: access PDF doc from inside Flex app but not outside?
Posted by Maurice Amsellem <ma...@systar.com>.
Sorry Eugene, the question was for modjklist, as he was the one that said " My app isn't permitted to access a user's directory".
I wasn't sure whether he was talking about the flex app running in the browser not being permitted to access local user directory, or the web app server (ie. with servlets, etc) .
Maurice
-----Message d'origine-----
De : Eugene Ramirez [mailto:ramirez.eugene@gmail.com]
Envoyé : dimanche 6 avril 2014 20:35
À : users@flex.apache.org
Objet : Re: access PDF doc from inside Flex app but not outside?
It's a Flex app that runs using the Flash player inside a browser. When I created the Flex app the application type was set to Web. So it would be a Flex web app. Correct?
On Sun, Apr 6, 2014 at 11:19 AM, Maurice Amsellem < maurice.amsellem@systar.com> wrote:
> >My app isn't permitted to access a user's directory
> Do you mean the Flex app or the web app?
>
> Maurice
>
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> dimanche 6 avril 2014 19:40 À : users@flex.apache.org Objet : Re:
> access PDF doc from inside Flex app but not outside?
>
> Thanks for the info Eugene and Maurice, My app isn't permitted to
> access a user's directory. Can I simply download to cache memory, then
> load it into browser from there? User can then save to his/her hard
> drive from the browser if needed. If so, would the command be:
>
> navigateToURL(new URLRequest( _downloadFileRef ));
>
>
> ----- Original Message -----
>
> From: "Eugene Ramirez" <ra...@gmail.com>
> To: users@flex.apache.org
> Sent: Sunday, April 6, 2014 10:29:16 AM
> Subject: Re: access PDF doc from inside Flex app but not outside?
>
> navigateToURL will open in a new browser. The code I provided is for
> downloading a file to directory that the user specifies. So what you
> want to use navigateToURL as Maurice stated.
>
>
> On Sun, Apr 6, 2014 at 8:43 AM, Maurice Amsellem <
> maurice.amsellem@systar.com> wrote:
>
> > If you want to open the PDF in a new window, you can use an
> > alternate
> way:
> >
> > - create an URLRequest same way,
> > - then navigate to the url using navigateToURL( urlRequest,
> > "_blank");
> >
> > See:
> >
> > http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/f
> > la
> > sh/net/package.html#navigateToURL()
> >
> >
> >
> > -----Message d'origine-----
> > De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > dimanche 6 avril 2014 16:46 À : users@flex.apache.org Objet : Re:
> > access PDF doc from inside Flex app but not outside?
> >
> > Thanks so much Eugene,
> >
> > >The front end user never sees the actual filename of my file or
> > >where on
> > my server it is stored.
> >
> > Can you describe what the user does see in the client? That is, how
> > does he/she open the downloaded PDF file? Does the user need to go
> > to the Downloads folder to locate the file, then open it? Or, is
> > there another statement, perhaps in the function
> > downloadFileRef_complete, that opens the downloaded PDF file in a
> > new browser window (if so, what's the command and what shows in the
> > URL of that window)? It would help to see what's in
> > downloadFileRef_complete, and
> downloadFileRef_progress (if possible).
> >
> > ----- Original Message -----
> >
> > From: "Eugene Ramirez" <ra...@gmail.com>
> > To: users@flex.apache.org
> > Sent: Saturday, April 5, 2014 5:44:47 PM
> > Subject: Re: access PDF doc from inside Flex app but not outside?
> >
> > One more thing. The front end user sees a nice filename associated
> > to some id. On the server this id has a record that has the actual
> > disk filename that I'm going to retrieve. The front end user never
> > sees the actual filename of my file or where on my server it is stored.
> >
> > So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY
> >
> > On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez
> > <ramirez.eugene@gmail.com
> > >wrote:
> >
> > > I have files stored on the server which can either be inside a
> > > database or some other file the servlet has access but not under
> > > the public_html directory and while I'm using JBOSS the servlet is
> > > the one that returns the file the user has requested.
> > >
> > > The piece of code the servlet executes is:
> > >
> > > //find out the filename using some logic and checking if the user
> > > has access rights //once I have it I execute the following code:
> > >
> > > File file=new File(filename);
> > > if (file.exists()){
> > > resp.setContentType("application/x-download");
> > > resp.setHeader("Content-Disposition", "attachment; filename=" +
> > > clientFilenameToBeSavedAs); returnFile(filename,
> > > resp.getOutputStream()); }else{ //System.out.println("file DOES
> > > NOT exist:" + filename); //error handling goes here }
> > >
> > >
> > >
> > >
> > > returnFile method
> > >
> > > public static void returnFile(String filename, OutputStream out)
> > > throws FileNotFoundException, IOException { InputStream in = null;
> > > try { in = new BufferedInputStream(new FileInputStream(filename));
> > > byte[] buf = new byte[4 * 1024]; // 4K buffer int bytesRead; while
> > > ((bytesRead = in.read(buf)) != -1) { out.write(buf, 0, bytesRead);
> > > } } finally { if (in != null) in.close(); } }
> > >
> > >
> > >
> > > My FLEX code that will call the servlet method:
> > >
> > >
> > > private function startDownloadingFile(attachment:Attachment):void{
> > > if (_downloadFileRef==null) _downloadFileRef=new FileReference();
> > > var req:URLRequest=new URLRequest(SERVER_URL); var
> > > variables:URLVariables=new URLVariables();
> > > variables.command=DOWNLOAD_ATTACHMENT;
> > > variables.attachmentId=attachment.id;
> > > variables.sessionId=Params.getInstance().get("sessionId");
> > > req.data=variables;
> > > _downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
> > > downloadFileRef_progress);
> > > _downloadFileRef.addEventListener(Event.COMPLETE,
> > > downloadFileRef_complete);
> > > _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_can
> > > ce
> > > l)
> > > ;
> > > try{
> > > mx.managers.CursorManager.setBusyCursor();
> > > _downloadFileRef.download(req,attachment.filename);
> > > }catch(error:Error){
> > > mx.managers.CursorManager.removeBusyCursor();
> > > Alert.show("unable to download file","Error downloading file"); }
> > > }
> > >
> > >
> > > Note: My user has already been authenticated by the server and has
> > > a sessionId that is unique to the user. On the server I have this
> > > sessionId stored with a reference to the user. Anytime someone
> > > wants to download a file I check the sessionId and see if its:
> > > 1) Valid
> > > 2) The filename the user is trying to download has access to
> > > download the file
> > >
> > > The servlet goes and gets the file that is not in a public
> > > directory and sends it over.
> > >
> > > Others might have a different method of doing this but this works
> > > for
> me.
> > >
> > > Hopefully this helps.
> > > Ruben
> > >
> > >
> > >
> > > On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
> > > maurice.amsellem@systar.com> wrote:
> > >
> > >> >how does the servlet open the PDF in a new (client) browser
> > >> >window
> > >> It's not the servlet, it's the flex app that is responsible of
> > >> opening the new window.
> > >> The servlet will simply read the bytes of the PDF file and write
> > >> them to the output stream, as if it was a static file (that what
> > >> the http server does actually)
> > >>
> > >> > And when it does open the PDF in a new browser window, wouldn't
> > >> > the
> > >> full URL including token be shown in the browser (if so, someone
> > >> could copy this URL and e-mail to someone else to open it)?
> > >> The "security token" would be valid for the current user session only.
> > >> You could for example use the jsessionid as a key (or something
> > similar).
> > >> So if someone else that is not logged tries the same url, it will
> > >> not work.
> > >>
> > >> Maurice
> > >>
> > >> -----Message d'origine-----
> > >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > >> samedi 5 avril 2014 00:23 À : users@flex.apache.org Objet : Re:
> > >> access PDF doc from inside Flex app but not outside?
> > >>
> > >> I call a few Java servlets in my app using HTTPService(),
> > >> although my app is not contained in a JEE Web App as far as I know.
> > >>
> > >> Let me see if I follow... the servlet is called from within Flex
> > >> using a specific URL. I can append some text representing a
> > >> "security token" on that URL, which the servlet validates then ...
> > >> hmm, how does the servlet open the PDF in a new (client) browser
> > >> window (maybe you can refer me to a specific command I can
> > >> research to figure that
> > out)?
> > >>
> > >> And when it does open the PDF in a new browser window, wouldn't
> > >> the full URL including token be shown in the browser (if so,
> > >> someone could copy this URL and e-mail to someone else to open it)?
> > >>
> > >>
> > >> ----- Original Message -----
> > >>
> > >> From: "Maurice Amsellem" <ma...@systar.com>
> > >> To: users@flex.apache.org
> > >> Sent: Friday, April 4, 2014 3:05:50 PM
> > >> Subject: RE: access PDF doc from inside Flex app but not outside?
> > >>
> > >> Then the PDF files would be stored in the private area of the
> > >> web-app (under WEB-INF) , so they can't be accessed directly.
> > >>
> > >> There are probably variants of this, but I think you get the idea.
> > >>
> > >> -----Message d'origine-----
> > >> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
> > >> Envoyé : samedi 5 avril 2014 00:04 À : users@flex.apache.org
> > >> Objet
> > >> : RE: access PDF doc from inside Flex app but not outside?
> > >>
> > >> If your app is contained in a JEE Web App, you could probably
> > >> write a servlet to download the PDF securely, using a "security
> > >> token" or
> > something.
> > >> The Flex App would simply request the servlet through its url to
> > >> get the PDF, and pass it the security token.
> > >>
> > >> Makes sense ?
> > >>
> > >> Maurice
> > >>
> > >> -----Message d'origine-----
> > >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > >> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access
> > >> PDF doc from inside Flex app but not outside?
> > >>
> > >> I have a desktop Flex app that users register and login. I need
> > >> to provide these users access to technical documents in PDF format.
> > >> However, I don't want to put these docs in my server's
> > >> public_html directory because then any visitor can potentially
> > >> view them. Is there any way for the Flex app to open these PDF
> > >> files in a new browser window, while preventing their access by website visitors?
> > >> That is, the files can only be opened when logged into the app,
> > >> and not by copying and pasting a link in an email that goes to
> > >> someone else
> > for them to open in any browser.
> > >>
> > >> I understand the user can simply download the PDF file and e-mail
> > >> it if he/she really wants to (I'm just trying to make it a little
> > >> more
> > difficult).
> > >>
> > >> I was thinking maybe there was a way to place the PDF files
> > >> somewhere in the Java application server since only Flex has
> > >> access there (a firewall blocks website visitors). Thought maybe
> > >> someone ran into this before and could help me see what's possible.
> > >>
> > >>
> > >
> >
> >
>
>
Re: access PDF doc from inside Flex app but not outside?
Posted by Eugene Ramirez <ra...@gmail.com>.
It's a Flex app that runs using the Flash player inside a browser. When I
created the Flex app the application type was set to Web. So it would be a
Flex web app. Correct?
On Sun, Apr 6, 2014 at 11:19 AM, Maurice Amsellem <
maurice.amsellem@systar.com> wrote:
> >My app isn't permitted to access a user's directory
> Do you mean the Flex app or the web app?
>
> Maurice
>
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net]
> Envoyé : dimanche 6 avril 2014 19:40
> À : users@flex.apache.org
> Objet : Re: access PDF doc from inside Flex app but not outside?
>
> Thanks for the info Eugene and Maurice, My app isn't permitted to access a
> user's directory. Can I simply download to cache memory, then load it into
> browser from there? User can then save to his/her hard drive from the
> browser if needed. If so, would the command be:
>
> navigateToURL(new URLRequest( _downloadFileRef ));
>
>
> ----- Original Message -----
>
> From: "Eugene Ramirez" <ra...@gmail.com>
> To: users@flex.apache.org
> Sent: Sunday, April 6, 2014 10:29:16 AM
> Subject: Re: access PDF doc from inside Flex app but not outside?
>
> navigateToURL will open in a new browser. The code I provided is for
> downloading a file to directory that the user specifies. So what you want
> to use navigateToURL as Maurice stated.
>
>
> On Sun, Apr 6, 2014 at 8:43 AM, Maurice Amsellem <
> maurice.amsellem@systar.com> wrote:
>
> > If you want to open the PDF in a new window, you can use an alternate
> way:
> >
> > - create an URLRequest same way,
> > - then navigate to the url using navigateToURL( urlRequest, "_blank");
> >
> > See:
> >
> > http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/fla
> > sh/net/package.html#navigateToURL()
> >
> >
> >
> > -----Message d'origine-----
> > De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > dimanche 6 avril 2014 16:46 À : users@flex.apache.org Objet : Re:
> > access PDF doc from inside Flex app but not outside?
> >
> > Thanks so much Eugene,
> >
> > >The front end user never sees the actual filename of my file or where
> > >on
> > my server it is stored.
> >
> > Can you describe what the user does see in the client? That is, how
> > does he/she open the downloaded PDF file? Does the user need to go to
> > the Downloads folder to locate the file, then open it? Or, is there
> > another statement, perhaps in the function downloadFileRef_complete,
> > that opens the downloaded PDF file in a new browser window (if so,
> > what's the command and what shows in the URL of that window)? It would
> > help to see what's in downloadFileRef_complete, and
> downloadFileRef_progress (if possible).
> >
> > ----- Original Message -----
> >
> > From: "Eugene Ramirez" <ra...@gmail.com>
> > To: users@flex.apache.org
> > Sent: Saturday, April 5, 2014 5:44:47 PM
> > Subject: Re: access PDF doc from inside Flex app but not outside?
> >
> > One more thing. The front end user sees a nice filename associated to
> > some id. On the server this id has a record that has the actual disk
> > filename that I'm going to retrieve. The front end user never sees the
> > actual filename of my file or where on my server it is stored.
> >
> > So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY
> >
> > On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez
> > <ramirez.eugene@gmail.com
> > >wrote:
> >
> > > I have files stored on the server which can either be inside a
> > > database or some other file the servlet has access but not under the
> > > public_html directory and while I'm using JBOSS the servlet is the
> > > one that returns the file the user has requested.
> > >
> > > The piece of code the servlet executes is:
> > >
> > > //find out the filename using some logic and checking if the user
> > > has access rights //once I have it I execute the following code:
> > >
> > > File file=new File(filename);
> > > if (file.exists()){
> > > resp.setContentType("application/x-download");
> > > resp.setHeader("Content-Disposition", "attachment; filename=" +
> > > clientFilenameToBeSavedAs); returnFile(filename,
> > > resp.getOutputStream()); }else{ //System.out.println("file DOES NOT
> > > exist:" + filename); //error handling goes here }
> > >
> > >
> > >
> > >
> > > returnFile method
> > >
> > > public static void returnFile(String filename, OutputStream out)
> > > throws FileNotFoundException, IOException { InputStream in = null;
> > > try { in = new BufferedInputStream(new FileInputStream(filename));
> > > byte[] buf = new byte[4 * 1024]; // 4K buffer int bytesRead; while
> > > ((bytesRead = in.read(buf)) != -1) { out.write(buf, 0, bytesRead); }
> > > } finally { if (in != null) in.close(); } }
> > >
> > >
> > >
> > > My FLEX code that will call the servlet method:
> > >
> > >
> > > private function startDownloadingFile(attachment:Attachment):void{
> > > if (_downloadFileRef==null) _downloadFileRef=new FileReference();
> > > var req:URLRequest=new URLRequest(SERVER_URL); var
> > > variables:URLVariables=new URLVariables();
> > > variables.command=DOWNLOAD_ATTACHMENT;
> > > variables.attachmentId=attachment.id;
> > > variables.sessionId=Params.getInstance().get("sessionId");
> > > req.data=variables;
> > > _downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
> > > downloadFileRef_progress);
> > > _downloadFileRef.addEventListener(Event.COMPLETE,
> > > downloadFileRef_complete);
> > > _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_cance
> > > l)
> > > ;
> > > try{
> > > mx.managers.CursorManager.setBusyCursor();
> > > _downloadFileRef.download(req,attachment.filename);
> > > }catch(error:Error){
> > > mx.managers.CursorManager.removeBusyCursor();
> > > Alert.show("unable to download file","Error downloading file"); } }
> > >
> > >
> > > Note: My user has already been authenticated by the server and has a
> > > sessionId that is unique to the user. On the server I have this
> > > sessionId stored with a reference to the user. Anytime someone wants
> > > to download a file I check the sessionId and see if its:
> > > 1) Valid
> > > 2) The filename the user is trying to download has access to
> > > download the file
> > >
> > > The servlet goes and gets the file that is not in a public directory
> > > and sends it over.
> > >
> > > Others might have a different method of doing this but this works for
> me.
> > >
> > > Hopefully this helps.
> > > Ruben
> > >
> > >
> > >
> > > On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
> > > maurice.amsellem@systar.com> wrote:
> > >
> > >> >how does the servlet open the PDF in a new (client) browser window
> > >> It's not the servlet, it's the flex app that is responsible of
> > >> opening the new window.
> > >> The servlet will simply read the bytes of the PDF file and write
> > >> them to the output stream, as if it was a static file (that what
> > >> the http server does actually)
> > >>
> > >> > And when it does open the PDF in a new browser window, wouldn't
> > >> > the
> > >> full URL including token be shown in the browser (if so, someone
> > >> could copy this URL and e-mail to someone else to open it)?
> > >> The "security token" would be valid for the current user session only.
> > >> You could for example use the jsessionid as a key (or something
> > similar).
> > >> So if someone else that is not logged tries the same url, it will
> > >> not work.
> > >>
> > >> Maurice
> > >>
> > >> -----Message d'origine-----
> > >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > >> samedi 5 avril 2014 00:23 À : users@flex.apache.org Objet : Re:
> > >> access PDF doc from inside Flex app but not outside?
> > >>
> > >> I call a few Java servlets in my app using HTTPService(), although
> > >> my app is not contained in a JEE Web App as far as I know.
> > >>
> > >> Let me see if I follow... the servlet is called from within Flex
> > >> using a specific URL. I can append some text representing a
> > >> "security token" on that URL, which the servlet validates then ...
> > >> hmm, how does the servlet open the PDF in a new (client) browser
> > >> window (maybe you can refer me to a specific command I can research
> > >> to figure that
> > out)?
> > >>
> > >> And when it does open the PDF in a new browser window, wouldn't the
> > >> full URL including token be shown in the browser (if so, someone
> > >> could copy this URL and e-mail to someone else to open it)?
> > >>
> > >>
> > >> ----- Original Message -----
> > >>
> > >> From: "Maurice Amsellem" <ma...@systar.com>
> > >> To: users@flex.apache.org
> > >> Sent: Friday, April 4, 2014 3:05:50 PM
> > >> Subject: RE: access PDF doc from inside Flex app but not outside?
> > >>
> > >> Then the PDF files would be stored in the private area of the
> > >> web-app (under WEB-INF) , so they can't be accessed directly.
> > >>
> > >> There are probably variants of this, but I think you get the idea.
> > >>
> > >> -----Message d'origine-----
> > >> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
> > >> Envoyé : samedi 5 avril 2014 00:04 À : users@flex.apache.org Objet
> > >> : RE: access PDF doc from inside Flex app but not outside?
> > >>
> > >> If your app is contained in a JEE Web App, you could probably write
> > >> a servlet to download the PDF securely, using a "security token" or
> > something.
> > >> The Flex App would simply request the servlet through its url to
> > >> get the PDF, and pass it the security token.
> > >>
> > >> Makes sense ?
> > >>
> > >> Maurice
> > >>
> > >> -----Message d'origine-----
> > >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> > >> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access
> > >> PDF doc from inside Flex app but not outside?
> > >>
> > >> I have a desktop Flex app that users register and login. I need to
> > >> provide these users access to technical documents in PDF format.
> > >> However, I don't want to put these docs in my server's public_html
> > >> directory because then any visitor can potentially view them. Is
> > >> there any way for the Flex app to open these PDF files in a new
> > >> browser window, while preventing their access by website visitors?
> > >> That is, the files can only be opened when logged into the app, and
> > >> not by copying and pasting a link in an email that goes to someone
> > >> else
> > for them to open in any browser.
> > >>
> > >> I understand the user can simply download the PDF file and e-mail
> > >> it if he/she really wants to (I'm just trying to make it a little
> > >> more
> > difficult).
> > >>
> > >> I was thinking maybe there was a way to place the PDF files
> > >> somewhere in the Java application server since only Flex has access
> > >> there (a firewall blocks website visitors). Thought maybe someone
> > >> ran into this before and could help me see what's possible.
> > >>
> > >>
> > >
> >
> >
>
>
RE: access PDF doc from inside Flex app but not outside?
Posted by Maurice Amsellem <ma...@systar.com>.
>My app isn't permitted to access a user's directory
Do you mean the Flex app or the web app?
Maurice
-----Message d'origine-----
De : modjklist@comcast.net [mailto:modjklist@comcast.net]
Envoyé : dimanche 6 avril 2014 19:40
À : users@flex.apache.org
Objet : Re: access PDF doc from inside Flex app but not outside?
Thanks for the info Eugene and Maurice, My app isn't permitted to access a user's directory. Can I simply download to cache memory, then load it into browser from there? User can then save to his/her hard drive from the browser if needed. If so, would the command be:
navigateToURL(new URLRequest( _downloadFileRef ));
----- Original Message -----
From: "Eugene Ramirez" <ra...@gmail.com>
To: users@flex.apache.org
Sent: Sunday, April 6, 2014 10:29:16 AM
Subject: Re: access PDF doc from inside Flex app but not outside?
navigateToURL will open in a new browser. The code I provided is for downloading a file to directory that the user specifies. So what you want to use navigateToURL as Maurice stated.
On Sun, Apr 6, 2014 at 8:43 AM, Maurice Amsellem < maurice.amsellem@systar.com> wrote:
> If you want to open the PDF in a new window, you can use an alternate way:
>
> - create an URLRequest same way,
> - then navigate to the url using navigateToURL( urlRequest, "_blank");
>
> See:
>
> http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/fla
> sh/net/package.html#navigateToURL()
>
>
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> dimanche 6 avril 2014 16:46 À : users@flex.apache.org Objet : Re:
> access PDF doc from inside Flex app but not outside?
>
> Thanks so much Eugene,
>
> >The front end user never sees the actual filename of my file or where
> >on
> my server it is stored.
>
> Can you describe what the user does see in the client? That is, how
> does he/she open the downloaded PDF file? Does the user need to go to
> the Downloads folder to locate the file, then open it? Or, is there
> another statement, perhaps in the function downloadFileRef_complete,
> that opens the downloaded PDF file in a new browser window (if so,
> what's the command and what shows in the URL of that window)? It would
> help to see what's in downloadFileRef_complete, and downloadFileRef_progress (if possible).
>
> ----- Original Message -----
>
> From: "Eugene Ramirez" <ra...@gmail.com>
> To: users@flex.apache.org
> Sent: Saturday, April 5, 2014 5:44:47 PM
> Subject: Re: access PDF doc from inside Flex app but not outside?
>
> One more thing. The front end user sees a nice filename associated to
> some id. On the server this id has a record that has the actual disk
> filename that I'm going to retrieve. The front end user never sees the
> actual filename of my file or where on my server it is stored.
>
> So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY
>
> On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez
> <ramirez.eugene@gmail.com
> >wrote:
>
> > I have files stored on the server which can either be inside a
> > database or some other file the servlet has access but not under the
> > public_html directory and while I'm using JBOSS the servlet is the
> > one that returns the file the user has requested.
> >
> > The piece of code the servlet executes is:
> >
> > //find out the filename using some logic and checking if the user
> > has access rights //once I have it I execute the following code:
> >
> > File file=new File(filename);
> > if (file.exists()){
> > resp.setContentType("application/x-download");
> > resp.setHeader("Content-Disposition", "attachment; filename=" +
> > clientFilenameToBeSavedAs); returnFile(filename,
> > resp.getOutputStream()); }else{ //System.out.println("file DOES NOT
> > exist:" + filename); //error handling goes here }
> >
> >
> >
> >
> > returnFile method
> >
> > public static void returnFile(String filename, OutputStream out)
> > throws FileNotFoundException, IOException { InputStream in = null;
> > try { in = new BufferedInputStream(new FileInputStream(filename));
> > byte[] buf = new byte[4 * 1024]; // 4K buffer int bytesRead; while
> > ((bytesRead = in.read(buf)) != -1) { out.write(buf, 0, bytesRead); }
> > } finally { if (in != null) in.close(); } }
> >
> >
> >
> > My FLEX code that will call the servlet method:
> >
> >
> > private function startDownloadingFile(attachment:Attachment):void{
> > if (_downloadFileRef==null) _downloadFileRef=new FileReference();
> > var req:URLRequest=new URLRequest(SERVER_URL); var
> > variables:URLVariables=new URLVariables();
> > variables.command=DOWNLOAD_ATTACHMENT;
> > variables.attachmentId=attachment.id;
> > variables.sessionId=Params.getInstance().get("sessionId");
> > req.data=variables;
> > _downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
> > downloadFileRef_progress);
> > _downloadFileRef.addEventListener(Event.COMPLETE,
> > downloadFileRef_complete);
> > _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_cance
> > l)
> > ;
> > try{
> > mx.managers.CursorManager.setBusyCursor();
> > _downloadFileRef.download(req,attachment.filename);
> > }catch(error:Error){
> > mx.managers.CursorManager.removeBusyCursor();
> > Alert.show("unable to download file","Error downloading file"); } }
> >
> >
> > Note: My user has already been authenticated by the server and has a
> > sessionId that is unique to the user. On the server I have this
> > sessionId stored with a reference to the user. Anytime someone wants
> > to download a file I check the sessionId and see if its:
> > 1) Valid
> > 2) The filename the user is trying to download has access to
> > download the file
> >
> > The servlet goes and gets the file that is not in a public directory
> > and sends it over.
> >
> > Others might have a different method of doing this but this works for me.
> >
> > Hopefully this helps.
> > Ruben
> >
> >
> >
> > On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
> > maurice.amsellem@systar.com> wrote:
> >
> >> >how does the servlet open the PDF in a new (client) browser window
> >> It's not the servlet, it's the flex app that is responsible of
> >> opening the new window.
> >> The servlet will simply read the bytes of the PDF file and write
> >> them to the output stream, as if it was a static file (that what
> >> the http server does actually)
> >>
> >> > And when it does open the PDF in a new browser window, wouldn't
> >> > the
> >> full URL including token be shown in the browser (if so, someone
> >> could copy this URL and e-mail to someone else to open it)?
> >> The "security token" would be valid for the current user session only.
> >> You could for example use the jsessionid as a key (or something
> similar).
> >> So if someone else that is not logged tries the same url, it will
> >> not work.
> >>
> >> Maurice
> >>
> >> -----Message d'origine-----
> >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> >> samedi 5 avril 2014 00:23 À : users@flex.apache.org Objet : Re:
> >> access PDF doc from inside Flex app but not outside?
> >>
> >> I call a few Java servlets in my app using HTTPService(), although
> >> my app is not contained in a JEE Web App as far as I know.
> >>
> >> Let me see if I follow... the servlet is called from within Flex
> >> using a specific URL. I can append some text representing a
> >> "security token" on that URL, which the servlet validates then ...
> >> hmm, how does the servlet open the PDF in a new (client) browser
> >> window (maybe you can refer me to a specific command I can research
> >> to figure that
> out)?
> >>
> >> And when it does open the PDF in a new browser window, wouldn't the
> >> full URL including token be shown in the browser (if so, someone
> >> could copy this URL and e-mail to someone else to open it)?
> >>
> >>
> >> ----- Original Message -----
> >>
> >> From: "Maurice Amsellem" <ma...@systar.com>
> >> To: users@flex.apache.org
> >> Sent: Friday, April 4, 2014 3:05:50 PM
> >> Subject: RE: access PDF doc from inside Flex app but not outside?
> >>
> >> Then the PDF files would be stored in the private area of the
> >> web-app (under WEB-INF) , so they can't be accessed directly.
> >>
> >> There are probably variants of this, but I think you get the idea.
> >>
> >> -----Message d'origine-----
> >> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
> >> Envoyé : samedi 5 avril 2014 00:04 À : users@flex.apache.org Objet
> >> : RE: access PDF doc from inside Flex app but not outside?
> >>
> >> If your app is contained in a JEE Web App, you could probably write
> >> a servlet to download the PDF securely, using a "security token" or
> something.
> >> The Flex App would simply request the servlet through its url to
> >> get the PDF, and pass it the security token.
> >>
> >> Makes sense ?
> >>
> >> Maurice
> >>
> >> -----Message d'origine-----
> >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> >> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access
> >> PDF doc from inside Flex app but not outside?
> >>
> >> I have a desktop Flex app that users register and login. I need to
> >> provide these users access to technical documents in PDF format.
> >> However, I don't want to put these docs in my server's public_html
> >> directory because then any visitor can potentially view them. Is
> >> there any way for the Flex app to open these PDF files in a new
> >> browser window, while preventing their access by website visitors?
> >> That is, the files can only be opened when logged into the app, and
> >> not by copying and pasting a link in an email that goes to someone
> >> else
> for them to open in any browser.
> >>
> >> I understand the user can simply download the PDF file and e-mail
> >> it if he/she really wants to (I'm just trying to make it a little
> >> more
> difficult).
> >>
> >> I was thinking maybe there was a way to place the PDF files
> >> somewhere in the Java application server since only Flex has access
> >> there (a firewall blocks website visitors). Thought maybe someone
> >> ran into this before and could help me see what's possible.
> >>
> >>
> >
>
>
Re: access PDF doc from inside Flex app but not outside?
Posted by mo...@comcast.net.
Thanks for the info Eugene and Maurice, My app isn't permitted to access a user's directory. Can I simply download to cache memory, then load it into browser from there? User can then save to his/her hard drive from the browser if needed. If so, would the command be:
navigateToURL(new URLRequest( _downloadFileRef ));
----- Original Message -----
From: "Eugene Ramirez" <ra...@gmail.com>
To: users@flex.apache.org
Sent: Sunday, April 6, 2014 10:29:16 AM
Subject: Re: access PDF doc from inside Flex app but not outside?
navigateToURL will open in a new browser. The code I provided is for
downloading a file to directory that the user specifies. So what you want
to use navigateToURL as Maurice stated.
On Sun, Apr 6, 2014 at 8:43 AM, Maurice Amsellem <
maurice.amsellem@systar.com> wrote:
> If you want to open the PDF in a new window, you can use an alternate way:
>
> - create an URLRequest same way,
> - then navigate to the url using navigateToURL( urlRequest, "_blank");
>
> See:
>
> http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/package.html#navigateToURL()
>
>
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net]
> Envoyé : dimanche 6 avril 2014 16:46
> À : users@flex.apache.org
> Objet : Re: access PDF doc from inside Flex app but not outside?
>
> Thanks so much Eugene,
>
> >The front end user never sees the actual filename of my file or where on
> my server it is stored.
>
> Can you describe what the user does see in the client? That is, how does
> he/she open the downloaded PDF file? Does the user need to go to the
> Downloads folder to locate the file, then open it? Or, is there another
> statement, perhaps in the function downloadFileRef_complete, that opens the
> downloaded PDF file in a new browser window (if so, what's the command and
> what shows in the URL of that window)? It would help to see what's in
> downloadFileRef_complete, and downloadFileRef_progress (if possible).
>
> ----- Original Message -----
>
> From: "Eugene Ramirez" <ra...@gmail.com>
> To: users@flex.apache.org
> Sent: Saturday, April 5, 2014 5:44:47 PM
> Subject: Re: access PDF doc from inside Flex app but not outside?
>
> One more thing. The front end user sees a nice filename associated to some
> id. On the server this id has a record that has the actual disk filename
> that I'm going to retrieve. The front end user never sees the actual
> filename of my file or where on my server it is stored.
>
> So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY
>
> On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez <ramirez.eugene@gmail.com
> >wrote:
>
> > I have files stored on the server which can either be inside a
> > database or some other file the servlet has access but not under the
> > public_html directory and while I'm using JBOSS the servlet is the one
> > that returns the file the user has requested.
> >
> > The piece of code the servlet executes is:
> >
> > //find out the filename using some logic and checking if the user has
> > access rights //once I have it I execute the following code:
> >
> > File file=new File(filename);
> > if (file.exists()){
> > resp.setContentType("application/x-download");
> > resp.setHeader("Content-Disposition", "attachment; filename=" +
> > clientFilenameToBeSavedAs); returnFile(filename,
> > resp.getOutputStream()); }else{ //System.out.println("file DOES NOT
> > exist:" + filename); //error handling goes here }
> >
> >
> >
> >
> > returnFile method
> >
> > public static void returnFile(String filename, OutputStream out)
> > throws FileNotFoundException, IOException { InputStream in = null; try
> > { in = new BufferedInputStream(new FileInputStream(filename)); byte[]
> > buf = new byte[4 * 1024]; // 4K buffer int bytesRead; while
> > ((bytesRead = in.read(buf)) != -1) { out.write(buf, 0, bytesRead); } }
> > finally { if (in != null) in.close(); } }
> >
> >
> >
> > My FLEX code that will call the servlet method:
> >
> >
> > private function startDownloadingFile(attachment:Attachment):void{
> > if (_downloadFileRef==null) _downloadFileRef=new FileReference(); var
> > req:URLRequest=new URLRequest(SERVER_URL); var
> > variables:URLVariables=new URLVariables();
> > variables.command=DOWNLOAD_ATTACHMENT;
> > variables.attachmentId=attachment.id;
> > variables.sessionId=Params.getInstance().get("sessionId");
> > req.data=variables;
> > _downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
> > downloadFileRef_progress);
> > _downloadFileRef.addEventListener(Event.COMPLETE,
> > downloadFileRef_complete);
> > _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_cancel)
> > ;
> > try{
> > mx.managers.CursorManager.setBusyCursor();
> > _downloadFileRef.download(req,attachment.filename);
> > }catch(error:Error){
> > mx.managers.CursorManager.removeBusyCursor();
> > Alert.show("unable to download file","Error downloading file"); } }
> >
> >
> > Note: My user has already been authenticated by the server and has a
> > sessionId that is unique to the user. On the server I have this
> > sessionId stored with a reference to the user. Anytime someone wants
> > to download a file I check the sessionId and see if its:
> > 1) Valid
> > 2) The filename the user is trying to download has access to download
> > the file
> >
> > The servlet goes and gets the file that is not in a public directory
> > and sends it over.
> >
> > Others might have a different method of doing this but this works for me.
> >
> > Hopefully this helps.
> > Ruben
> >
> >
> >
> > On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
> > maurice.amsellem@systar.com> wrote:
> >
> >> >how does the servlet open the PDF in a new (client) browser window
> >> It's not the servlet, it's the flex app that is responsible of
> >> opening the new window.
> >> The servlet will simply read the bytes of the PDF file and write them
> >> to the output stream, as if it was a static file (that what the http
> >> server does actually)
> >>
> >> > And when it does open the PDF in a new browser window, wouldn't the
> >> full URL including token be shown in the browser (if so, someone
> >> could copy this URL and e-mail to someone else to open it)?
> >> The "security token" would be valid for the current user session only.
> >> You could for example use the jsessionid as a key (or something
> similar).
> >> So if someone else that is not logged tries the same url, it will not
> >> work.
> >>
> >> Maurice
> >>
> >> -----Message d'origine-----
> >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> >> samedi 5 avril 2014 00:23 À : users@flex.apache.org Objet : Re:
> >> access PDF doc from inside Flex app but not outside?
> >>
> >> I call a few Java servlets in my app using HTTPService(), although my
> >> app is not contained in a JEE Web App as far as I know.
> >>
> >> Let me see if I follow... the servlet is called from within Flex
> >> using a specific URL. I can append some text representing a "security
> >> token" on that URL, which the servlet validates then ... hmm, how
> >> does the servlet open the PDF in a new (client) browser window (maybe
> >> you can refer me to a specific command I can research to figure that
> out)?
> >>
> >> And when it does open the PDF in a new browser window, wouldn't the
> >> full URL including token be shown in the browser (if so, someone
> >> could copy this URL and e-mail to someone else to open it)?
> >>
> >>
> >> ----- Original Message -----
> >>
> >> From: "Maurice Amsellem" <ma...@systar.com>
> >> To: users@flex.apache.org
> >> Sent: Friday, April 4, 2014 3:05:50 PM
> >> Subject: RE: access PDF doc from inside Flex app but not outside?
> >>
> >> Then the PDF files would be stored in the private area of the web-app
> >> (under WEB-INF) , so they can't be accessed directly.
> >>
> >> There are probably variants of this, but I think you get the idea.
> >>
> >> -----Message d'origine-----
> >> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
> >> Envoyé : samedi 5 avril 2014 00:04
> >> À : users@flex.apache.org
> >> Objet : RE: access PDF doc from inside Flex app but not outside?
> >>
> >> If your app is contained in a JEE Web App, you could probably write a
> >> servlet to download the PDF securely, using a "security token" or
> something.
> >> The Flex App would simply request the servlet through its url to get
> >> the PDF, and pass it the security token.
> >>
> >> Makes sense ?
> >>
> >> Maurice
> >>
> >> -----Message d'origine-----
> >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> >> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access PDF
> >> doc from inside Flex app but not outside?
> >>
> >> I have a desktop Flex app that users register and login. I need to
> >> provide these users access to technical documents in PDF format.
> >> However, I don't want to put these docs in my server's public_html
> >> directory because then any visitor can potentially view them. Is
> >> there any way for the Flex app to open these PDF files in a new
> >> browser window, while preventing their access by website visitors?
> >> That is, the files can only be opened when logged into the app, and
> >> not by copying and pasting a link in an email that goes to someone else
> for them to open in any browser.
> >>
> >> I understand the user can simply download the PDF file and e-mail it
> >> if he/she really wants to (I'm just trying to make it a little more
> difficult).
> >>
> >> I was thinking maybe there was a way to place the PDF files somewhere
> >> in the Java application server since only Flex has access there (a
> >> firewall blocks website visitors). Thought maybe someone ran into
> >> this before and could help me see what's possible.
> >>
> >>
> >
>
>
Re: access PDF doc from inside Flex app but not outside?
Posted by Eugene Ramirez <ra...@gmail.com>.
navigateToURL will open in a new browser. The code I provided is for
downloading a file to directory that the user specifies. So what you want
to use navigateToURL as Maurice stated.
On Sun, Apr 6, 2014 at 8:43 AM, Maurice Amsellem <
maurice.amsellem@systar.com> wrote:
> If you want to open the PDF in a new window, you can use an alternate way:
>
> - create an URLRequest same way,
> - then navigate to the url using navigateToURL( urlRequest, "_blank");
>
> See:
>
> http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/package.html#navigateToURL()
>
>
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net]
> Envoyé : dimanche 6 avril 2014 16:46
> À : users@flex.apache.org
> Objet : Re: access PDF doc from inside Flex app but not outside?
>
> Thanks so much Eugene,
>
> >The front end user never sees the actual filename of my file or where on
> my server it is stored.
>
> Can you describe what the user does see in the client? That is, how does
> he/she open the downloaded PDF file? Does the user need to go to the
> Downloads folder to locate the file, then open it? Or, is there another
> statement, perhaps in the function downloadFileRef_complete, that opens the
> downloaded PDF file in a new browser window (if so, what's the command and
> what shows in the URL of that window)? It would help to see what's in
> downloadFileRef_complete, and downloadFileRef_progress (if possible).
>
> ----- Original Message -----
>
> From: "Eugene Ramirez" <ra...@gmail.com>
> To: users@flex.apache.org
> Sent: Saturday, April 5, 2014 5:44:47 PM
> Subject: Re: access PDF doc from inside Flex app but not outside?
>
> One more thing. The front end user sees a nice filename associated to some
> id. On the server this id has a record that has the actual disk filename
> that I'm going to retrieve. The front end user never sees the actual
> filename of my file or where on my server it is stored.
>
> So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY
>
> On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez <ramirez.eugene@gmail.com
> >wrote:
>
> > I have files stored on the server which can either be inside a
> > database or some other file the servlet has access but not under the
> > public_html directory and while I'm using JBOSS the servlet is the one
> > that returns the file the user has requested.
> >
> > The piece of code the servlet executes is:
> >
> > //find out the filename using some logic and checking if the user has
> > access rights //once I have it I execute the following code:
> >
> > File file=new File(filename);
> > if (file.exists()){
> > resp.setContentType("application/x-download");
> > resp.setHeader("Content-Disposition", "attachment; filename=" +
> > clientFilenameToBeSavedAs); returnFile(filename,
> > resp.getOutputStream()); }else{ //System.out.println("file DOES NOT
> > exist:" + filename); //error handling goes here }
> >
> >
> >
> >
> > returnFile method
> >
> > public static void returnFile(String filename, OutputStream out)
> > throws FileNotFoundException, IOException { InputStream in = null; try
> > { in = new BufferedInputStream(new FileInputStream(filename)); byte[]
> > buf = new byte[4 * 1024]; // 4K buffer int bytesRead; while
> > ((bytesRead = in.read(buf)) != -1) { out.write(buf, 0, bytesRead); } }
> > finally { if (in != null) in.close(); } }
> >
> >
> >
> > My FLEX code that will call the servlet method:
> >
> >
> > private function startDownloadingFile(attachment:Attachment):void{
> > if (_downloadFileRef==null) _downloadFileRef=new FileReference(); var
> > req:URLRequest=new URLRequest(SERVER_URL); var
> > variables:URLVariables=new URLVariables();
> > variables.command=DOWNLOAD_ATTACHMENT;
> > variables.attachmentId=attachment.id;
> > variables.sessionId=Params.getInstance().get("sessionId");
> > req.data=variables;
> > _downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
> > downloadFileRef_progress);
> > _downloadFileRef.addEventListener(Event.COMPLETE,
> > downloadFileRef_complete);
> > _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_cancel)
> > ;
> > try{
> > mx.managers.CursorManager.setBusyCursor();
> > _downloadFileRef.download(req,attachment.filename);
> > }catch(error:Error){
> > mx.managers.CursorManager.removeBusyCursor();
> > Alert.show("unable to download file","Error downloading file"); } }
> >
> >
> > Note: My user has already been authenticated by the server and has a
> > sessionId that is unique to the user. On the server I have this
> > sessionId stored with a reference to the user. Anytime someone wants
> > to download a file I check the sessionId and see if its:
> > 1) Valid
> > 2) The filename the user is trying to download has access to download
> > the file
> >
> > The servlet goes and gets the file that is not in a public directory
> > and sends it over.
> >
> > Others might have a different method of doing this but this works for me.
> >
> > Hopefully this helps.
> > Ruben
> >
> >
> >
> > On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
> > maurice.amsellem@systar.com> wrote:
> >
> >> >how does the servlet open the PDF in a new (client) browser window
> >> It's not the servlet, it's the flex app that is responsible of
> >> opening the new window.
> >> The servlet will simply read the bytes of the PDF file and write them
> >> to the output stream, as if it was a static file (that what the http
> >> server does actually)
> >>
> >> > And when it does open the PDF in a new browser window, wouldn't the
> >> full URL including token be shown in the browser (if so, someone
> >> could copy this URL and e-mail to someone else to open it)?
> >> The "security token" would be valid for the current user session only.
> >> You could for example use the jsessionid as a key (or something
> similar).
> >> So if someone else that is not logged tries the same url, it will not
> >> work.
> >>
> >> Maurice
> >>
> >> -----Message d'origine-----
> >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> >> samedi 5 avril 2014 00:23 À : users@flex.apache.org Objet : Re:
> >> access PDF doc from inside Flex app but not outside?
> >>
> >> I call a few Java servlets in my app using HTTPService(), although my
> >> app is not contained in a JEE Web App as far as I know.
> >>
> >> Let me see if I follow... the servlet is called from within Flex
> >> using a specific URL. I can append some text representing a "security
> >> token" on that URL, which the servlet validates then ... hmm, how
> >> does the servlet open the PDF in a new (client) browser window (maybe
> >> you can refer me to a specific command I can research to figure that
> out)?
> >>
> >> And when it does open the PDF in a new browser window, wouldn't the
> >> full URL including token be shown in the browser (if so, someone
> >> could copy this URL and e-mail to someone else to open it)?
> >>
> >>
> >> ----- Original Message -----
> >>
> >> From: "Maurice Amsellem" <ma...@systar.com>
> >> To: users@flex.apache.org
> >> Sent: Friday, April 4, 2014 3:05:50 PM
> >> Subject: RE: access PDF doc from inside Flex app but not outside?
> >>
> >> Then the PDF files would be stored in the private area of the web-app
> >> (under WEB-INF) , so they can't be accessed directly.
> >>
> >> There are probably variants of this, but I think you get the idea.
> >>
> >> -----Message d'origine-----
> >> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
> >> Envoyé : samedi 5 avril 2014 00:04
> >> À : users@flex.apache.org
> >> Objet : RE: access PDF doc from inside Flex app but not outside?
> >>
> >> If your app is contained in a JEE Web App, you could probably write a
> >> servlet to download the PDF securely, using a "security token" or
> something.
> >> The Flex App would simply request the servlet through its url to get
> >> the PDF, and pass it the security token.
> >>
> >> Makes sense ?
> >>
> >> Maurice
> >>
> >> -----Message d'origine-----
> >> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> >> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access PDF
> >> doc from inside Flex app but not outside?
> >>
> >> I have a desktop Flex app that users register and login. I need to
> >> provide these users access to technical documents in PDF format.
> >> However, I don't want to put these docs in my server's public_html
> >> directory because then any visitor can potentially view them. Is
> >> there any way for the Flex app to open these PDF files in a new
> >> browser window, while preventing their access by website visitors?
> >> That is, the files can only be opened when logged into the app, and
> >> not by copying and pasting a link in an email that goes to someone else
> for them to open in any browser.
> >>
> >> I understand the user can simply download the PDF file and e-mail it
> >> if he/she really wants to (I'm just trying to make it a little more
> difficult).
> >>
> >> I was thinking maybe there was a way to place the PDF files somewhere
> >> in the Java application server since only Flex has access there (a
> >> firewall blocks website visitors). Thought maybe someone ran into
> >> this before and could help me see what's possible.
> >>
> >>
> >
>
>
RE: access PDF doc from inside Flex app but not outside?
Posted by Maurice Amsellem <ma...@systar.com>.
If you want to open the PDF in a new window, you can use an alternate way:
- create an URLRequest same way,
- then navigate to the url using navigateToURL( urlRequest, "_blank");
See:
http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/package.html#navigateToURL()
-----Message d'origine-----
De : modjklist@comcast.net [mailto:modjklist@comcast.net]
Envoyé : dimanche 6 avril 2014 16:46
À : users@flex.apache.org
Objet : Re: access PDF doc from inside Flex app but not outside?
Thanks so much Eugene,
>The front end user never sees the actual filename of my file or where on my server it is stored.
Can you describe what the user does see in the client? That is, how does he/she open the downloaded PDF file? Does the user need to go to the Downloads folder to locate the file, then open it? Or, is there another statement, perhaps in the function downloadFileRef_complete, that opens the downloaded PDF file in a new browser window (if so, what's the command and what shows in the URL of that window)? It would help to see what's in downloadFileRef_complete, and downloadFileRef_progress (if possible).
----- Original Message -----
From: "Eugene Ramirez" <ra...@gmail.com>
To: users@flex.apache.org
Sent: Saturday, April 5, 2014 5:44:47 PM
Subject: Re: access PDF doc from inside Flex app but not outside?
One more thing. The front end user sees a nice filename associated to some id. On the server this id has a record that has the actual disk filename that I'm going to retrieve. The front end user never sees the actual filename of my file or where on my server it is stored.
So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY
On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez <ra...@gmail.com>wrote:
> I have files stored on the server which can either be inside a
> database or some other file the servlet has access but not under the
> public_html directory and while I'm using JBOSS the servlet is the one
> that returns the file the user has requested.
>
> The piece of code the servlet executes is:
>
> //find out the filename using some logic and checking if the user has
> access rights //once I have it I execute the following code:
>
> File file=new File(filename);
> if (file.exists()){
> resp.setContentType("application/x-download");
> resp.setHeader("Content-Disposition", "attachment; filename=" +
> clientFilenameToBeSavedAs); returnFile(filename,
> resp.getOutputStream()); }else{ //System.out.println("file DOES NOT
> exist:" + filename); //error handling goes here }
>
>
>
>
> returnFile method
>
> public static void returnFile(String filename, OutputStream out)
> throws FileNotFoundException, IOException { InputStream in = null; try
> { in = new BufferedInputStream(new FileInputStream(filename)); byte[]
> buf = new byte[4 * 1024]; // 4K buffer int bytesRead; while
> ((bytesRead = in.read(buf)) != -1) { out.write(buf, 0, bytesRead); } }
> finally { if (in != null) in.close(); } }
>
>
>
> My FLEX code that will call the servlet method:
>
>
> private function startDownloadingFile(attachment:Attachment):void{
> if (_downloadFileRef==null) _downloadFileRef=new FileReference(); var
> req:URLRequest=new URLRequest(SERVER_URL); var
> variables:URLVariables=new URLVariables();
> variables.command=DOWNLOAD_ATTACHMENT;
> variables.attachmentId=attachment.id;
> variables.sessionId=Params.getInstance().get("sessionId");
> req.data=variables;
> _downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
> downloadFileRef_progress);
> _downloadFileRef.addEventListener(Event.COMPLETE,
> downloadFileRef_complete);
> _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_cancel)
> ;
> try{
> mx.managers.CursorManager.setBusyCursor();
> _downloadFileRef.download(req,attachment.filename);
> }catch(error:Error){
> mx.managers.CursorManager.removeBusyCursor();
> Alert.show("unable to download file","Error downloading file"); } }
>
>
> Note: My user has already been authenticated by the server and has a
> sessionId that is unique to the user. On the server I have this
> sessionId stored with a reference to the user. Anytime someone wants
> to download a file I check the sessionId and see if its:
> 1) Valid
> 2) The filename the user is trying to download has access to download
> the file
>
> The servlet goes and gets the file that is not in a public directory
> and sends it over.
>
> Others might have a different method of doing this but this works for me.
>
> Hopefully this helps.
> Ruben
>
>
>
> On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
> maurice.amsellem@systar.com> wrote:
>
>> >how does the servlet open the PDF in a new (client) browser window
>> It's not the servlet, it's the flex app that is responsible of
>> opening the new window.
>> The servlet will simply read the bytes of the PDF file and write them
>> to the output stream, as if it was a static file (that what the http
>> server does actually)
>>
>> > And when it does open the PDF in a new browser window, wouldn't the
>> full URL including token be shown in the browser (if so, someone
>> could copy this URL and e-mail to someone else to open it)?
>> The "security token" would be valid for the current user session only.
>> You could for example use the jsessionid as a key (or something similar).
>> So if someone else that is not logged tries the same url, it will not
>> work.
>>
>> Maurice
>>
>> -----Message d'origine-----
>> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
>> samedi 5 avril 2014 00:23 À : users@flex.apache.org Objet : Re:
>> access PDF doc from inside Flex app but not outside?
>>
>> I call a few Java servlets in my app using HTTPService(), although my
>> app is not contained in a JEE Web App as far as I know.
>>
>> Let me see if I follow... the servlet is called from within Flex
>> using a specific URL. I can append some text representing a "security
>> token" on that URL, which the servlet validates then ... hmm, how
>> does the servlet open the PDF in a new (client) browser window (maybe
>> you can refer me to a specific command I can research to figure that out)?
>>
>> And when it does open the PDF in a new browser window, wouldn't the
>> full URL including token be shown in the browser (if so, someone
>> could copy this URL and e-mail to someone else to open it)?
>>
>>
>> ----- Original Message -----
>>
>> From: "Maurice Amsellem" <ma...@systar.com>
>> To: users@flex.apache.org
>> Sent: Friday, April 4, 2014 3:05:50 PM
>> Subject: RE: access PDF doc from inside Flex app but not outside?
>>
>> Then the PDF files would be stored in the private area of the web-app
>> (under WEB-INF) , so they can't be accessed directly.
>>
>> There are probably variants of this, but I think you get the idea.
>>
>> -----Message d'origine-----
>> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
>> Envoyé : samedi 5 avril 2014 00:04
>> À : users@flex.apache.org
>> Objet : RE: access PDF doc from inside Flex app but not outside?
>>
>> If your app is contained in a JEE Web App, you could probably write a
>> servlet to download the PDF securely, using a "security token" or something.
>> The Flex App would simply request the servlet through its url to get
>> the PDF, and pass it the security token.
>>
>> Makes sense ?
>>
>> Maurice
>>
>> -----Message d'origine-----
>> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
>> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access PDF
>> doc from inside Flex app but not outside?
>>
>> I have a desktop Flex app that users register and login. I need to
>> provide these users access to technical documents in PDF format.
>> However, I don't want to put these docs in my server's public_html
>> directory because then any visitor can potentially view them. Is
>> there any way for the Flex app to open these PDF files in a new
>> browser window, while preventing their access by website visitors?
>> That is, the files can only be opened when logged into the app, and
>> not by copying and pasting a link in an email that goes to someone else for them to open in any browser.
>>
>> I understand the user can simply download the PDF file and e-mail it
>> if he/she really wants to (I'm just trying to make it a little more difficult).
>>
>> I was thinking maybe there was a way to place the PDF files somewhere
>> in the Java application server since only Flex has access there (a
>> firewall blocks website visitors). Thought maybe someone ran into
>> this before and could help me see what's possible.
>>
>>
>
Re: access PDF doc from inside Flex app but not outside?
Posted by mo...@comcast.net.
Thanks so much Eugene,
>The front end user never sees the actual filename of my file or where on my server it is stored.
Can you describe what the user does see in the client? That is, how does he/she open the downloaded PDF file? Does the user need to go to the Downloads folder to locate the file, then open it? Or, is there another statement, perhaps in the function downloadFileRef_complete, that opens the downloaded PDF file in a new browser window (if so, what's the command and what shows in the URL of that window)? It would help to see what's in downloadFileRef_complete, and downloadFileRef_progress (if possible).
----- Original Message -----
From: "Eugene Ramirez" <ra...@gmail.com>
To: users@flex.apache.org
Sent: Saturday, April 5, 2014 5:44:47 PM
Subject: Re: access PDF doc from inside Flex app but not outside?
One more thing. The front end user sees a nice filename associated to some
id. On the server this id has a record that has the actual disk filename
that I'm going to retrieve. The front end user never sees the actual
filename of my file or where on my server it is stored.
So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY
On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez <ra...@gmail.com>wrote:
> I have files stored on the server which can either be inside a database or
> some other file the servlet has access but not under the public_html
> directory and while I'm using JBOSS the servlet is the one that returns the
> file the user has requested.
>
> The piece of code the servlet executes is:
>
> //find out the filename using some logic and checking if the user has
> access rights
> //once I have it I execute the following code:
>
> File file=new File(filename);
> if (file.exists()){
> resp.setContentType("application/x-download");
> resp.setHeader("Content-Disposition", "attachment; filename=" +
> clientFilenameToBeSavedAs);
> returnFile(filename, resp.getOutputStream());
> }else{
> //System.out.println("file DOES NOT exist:" + filename);
> //error handling goes here
> }
>
>
>
>
> returnFile method
>
> public static void returnFile(String filename, OutputStream out)
> throws FileNotFoundException, IOException {
> InputStream in = null;
> try {
> in = new BufferedInputStream(new FileInputStream(filename));
> byte[] buf = new byte[4 * 1024]; // 4K buffer
> int bytesRead;
> while ((bytesRead = in.read(buf)) != -1) {
> out.write(buf, 0, bytesRead);
> }
> } finally {
> if (in != null) in.close();
> }
> }
>
>
>
> My FLEX code that will call the servlet method:
>
>
> private function startDownloadingFile(attachment:Attachment):void{
> if (_downloadFileRef==null) _downloadFileRef=new FileReference();
> var req:URLRequest=new URLRequest(SERVER_URL);
> var variables:URLVariables=new URLVariables();
> variables.command=DOWNLOAD_ATTACHMENT;
> variables.attachmentId=attachment.id;
> variables.sessionId=Params.getInstance().get("sessionId");
> req.data=variables;
> _downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
> downloadFileRef_progress);
> _downloadFileRef.addEventListener(Event.COMPLETE,
> downloadFileRef_complete);
> _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_cancel);
> try{
> mx.managers.CursorManager.setBusyCursor();
> _downloadFileRef.download(req,attachment.filename);
> }catch(error:Error){
> mx.managers.CursorManager.removeBusyCursor();
> Alert.show("unable to download file","Error downloading file");
> }
> }
>
>
> Note: My user has already been authenticated by the server and has a
> sessionId that is unique to the user. On the server I have this sessionId
> stored with a reference to the user. Anytime someone wants to download a
> file I check the sessionId and see if its:
> 1) Valid
> 2) The filename the user is trying to download has access to download the
> file
>
> The servlet goes and gets the file that is not in a public directory and
> sends it over.
>
> Others might have a different method of doing this but this works for me.
>
> Hopefully this helps.
> Ruben
>
>
>
> On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
> maurice.amsellem@systar.com> wrote:
>
>> >how does the servlet open the PDF in a new (client) browser window
>> It's not the servlet, it's the flex app that is responsible of opening
>> the new window.
>> The servlet will simply read the bytes of the PDF file and write them to
>> the output stream, as if it was a static file (that what the http server
>> does actually)
>>
>> > And when it does open the PDF in a new browser window, wouldn't the
>> full URL including token be shown in the browser (if so, someone could copy
>> this URL and e-mail to someone else to open it)?
>> The "security token" would be valid for the current user session only.
>> You could for example use the jsessionid as a key (or something similar).
>> So if someone else that is not logged tries the same url, it will not
>> work.
>>
>> Maurice
>>
>> -----Message d'origine-----
>> De : modjklist@comcast.net [mailto:modjklist@comcast.net]
>> Envoyé : samedi 5 avril 2014 00:23
>> À : users@flex.apache.org
>> Objet : Re: access PDF doc from inside Flex app but not outside?
>>
>> I call a few Java servlets in my app using HTTPService(), although my app
>> is not contained in a JEE Web App as far as I know.
>>
>> Let me see if I follow... the servlet is called from within Flex using a
>> specific URL. I can append some text representing a "security token" on
>> that URL, which the servlet validates then ... hmm, how does the servlet
>> open the PDF in a new (client) browser window (maybe you can refer me to a
>> specific command I can research to figure that out)?
>>
>> And when it does open the PDF in a new browser window, wouldn't the full
>> URL including token be shown in the browser (if so, someone could copy this
>> URL and e-mail to someone else to open it)?
>>
>>
>> ----- Original Message -----
>>
>> From: "Maurice Amsellem" <ma...@systar.com>
>> To: users@flex.apache.org
>> Sent: Friday, April 4, 2014 3:05:50 PM
>> Subject: RE: access PDF doc from inside Flex app but not outside?
>>
>> Then the PDF files would be stored in the private area of the web-app
>> (under WEB-INF) , so they can't be accessed directly.
>>
>> There are probably variants of this, but I think you get the idea.
>>
>> -----Message d'origine-----
>> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
>> Envoyé : samedi 5 avril 2014 00:04
>> À : users@flex.apache.org
>> Objet : RE: access PDF doc from inside Flex app but not outside?
>>
>> If your app is contained in a JEE Web App, you could probably write a
>> servlet to download the PDF securely, using a "security token" or something.
>> The Flex App would simply request the servlet through its url to get the
>> PDF, and pass it the security token.
>>
>> Makes sense ?
>>
>> Maurice
>>
>> -----Message d'origine-----
>> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
>> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access PDF doc
>> from inside Flex app but not outside?
>>
>> I have a desktop Flex app that users register and login. I need to
>> provide these users access to technical documents in PDF format. However, I
>> don't want to put these docs in my server's public_html directory because
>> then any visitor can potentially view them. Is there any way for the Flex
>> app to open these PDF files in a new browser window, while preventing their
>> access by website visitors? That is, the files can only be opened when
>> logged into the app, and not by copying and pasting a link in an email that
>> goes to someone else for them to open in any browser.
>>
>> I understand the user can simply download the PDF file and e-mail it if
>> he/she really wants to (I'm just trying to make it a little more difficult).
>>
>> I was thinking maybe there was a way to place the PDF files somewhere in
>> the Java application server since only Flex has access there (a firewall
>> blocks website visitors). Thought maybe someone ran into this before and
>> could help me see what's possible.
>>
>>
>
Re: access PDF doc from inside Flex app but not outside?
Posted by Eugene Ramirez <ra...@gmail.com>.
One more thing. The front end user sees a nice filename associated to some
id. On the server this id has a record that has the actual disk filename
that I'm going to retrieve. The front end user never sees the actual
filename of my file or where on my server it is stored.
So I have a DIRECTORY table that has DIRECTORY_ID and DIRECTORY
On Sat, Apr 5, 2014 at 5:26 PM, Eugene Ramirez <ra...@gmail.com>wrote:
> I have files stored on the server which can either be inside a database or
> some other file the servlet has access but not under the public_html
> directory and while I'm using JBOSS the servlet is the one that returns the
> file the user has requested.
>
> The piece of code the servlet executes is:
>
> //find out the filename using some logic and checking if the user has
> access rights
> //once I have it I execute the following code:
>
> File file=new File(filename);
> if (file.exists()){
> resp.setContentType("application/x-download");
> resp.setHeader("Content-Disposition", "attachment; filename=" +
> clientFilenameToBeSavedAs);
> returnFile(filename, resp.getOutputStream());
> }else{
> //System.out.println("file DOES NOT exist:" + filename);
> //error handling goes here
> }
>
>
>
>
> returnFile method
>
> public static void returnFile(String filename, OutputStream out)
> throws FileNotFoundException, IOException {
> InputStream in = null;
> try {
> in = new BufferedInputStream(new FileInputStream(filename));
> byte[] buf = new byte[4 * 1024]; // 4K buffer
> int bytesRead;
> while ((bytesRead = in.read(buf)) != -1) {
> out.write(buf, 0, bytesRead);
> }
> } finally {
> if (in != null) in.close();
> }
> }
>
>
>
> My FLEX code that will call the servlet method:
>
>
> private function startDownloadingFile(attachment:Attachment):void{
> if (_downloadFileRef==null) _downloadFileRef=new FileReference();
> var req:URLRequest=new URLRequest(SERVER_URL);
> var variables:URLVariables=new URLVariables();
> variables.command=DOWNLOAD_ATTACHMENT;
> variables.attachmentId=attachment.id;
> variables.sessionId=Params.getInstance().get("sessionId");
> req.data=variables;
> _downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
> downloadFileRef_progress);
> _downloadFileRef.addEventListener(Event.COMPLETE,
> downloadFileRef_complete);
> _downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_cancel);
> try{
> mx.managers.CursorManager.setBusyCursor();
> _downloadFileRef.download(req,attachment.filename);
> }catch(error:Error){
> mx.managers.CursorManager.removeBusyCursor();
> Alert.show("unable to download file","Error downloading file");
> }
> }
>
>
> Note: My user has already been authenticated by the server and has a
> sessionId that is unique to the user. On the server I have this sessionId
> stored with a reference to the user. Anytime someone wants to download a
> file I check the sessionId and see if its:
> 1) Valid
> 2) The filename the user is trying to download has access to download the
> file
>
> The servlet goes and gets the file that is not in a public directory and
> sends it over.
>
> Others might have a different method of doing this but this works for me.
>
> Hopefully this helps.
> Ruben
>
>
>
> On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
> maurice.amsellem@systar.com> wrote:
>
>> >how does the servlet open the PDF in a new (client) browser window
>> It's not the servlet, it's the flex app that is responsible of opening
>> the new window.
>> The servlet will simply read the bytes of the PDF file and write them to
>> the output stream, as if it was a static file (that what the http server
>> does actually)
>>
>> > And when it does open the PDF in a new browser window, wouldn't the
>> full URL including token be shown in the browser (if so, someone could copy
>> this URL and e-mail to someone else to open it)?
>> The "security token" would be valid for the current user session only.
>> You could for example use the jsessionid as a key (or something similar).
>> So if someone else that is not logged tries the same url, it will not
>> work.
>>
>> Maurice
>>
>> -----Message d'origine-----
>> De : modjklist@comcast.net [mailto:modjklist@comcast.net]
>> Envoyé : samedi 5 avril 2014 00:23
>> À : users@flex.apache.org
>> Objet : Re: access PDF doc from inside Flex app but not outside?
>>
>> I call a few Java servlets in my app using HTTPService(), although my app
>> is not contained in a JEE Web App as far as I know.
>>
>> Let me see if I follow... the servlet is called from within Flex using a
>> specific URL. I can append some text representing a "security token" on
>> that URL, which the servlet validates then ... hmm, how does the servlet
>> open the PDF in a new (client) browser window (maybe you can refer me to a
>> specific command I can research to figure that out)?
>>
>> And when it does open the PDF in a new browser window, wouldn't the full
>> URL including token be shown in the browser (if so, someone could copy this
>> URL and e-mail to someone else to open it)?
>>
>>
>> ----- Original Message -----
>>
>> From: "Maurice Amsellem" <ma...@systar.com>
>> To: users@flex.apache.org
>> Sent: Friday, April 4, 2014 3:05:50 PM
>> Subject: RE: access PDF doc from inside Flex app but not outside?
>>
>> Then the PDF files would be stored in the private area of the web-app
>> (under WEB-INF) , so they can't be accessed directly.
>>
>> There are probably variants of this, but I think you get the idea.
>>
>> -----Message d'origine-----
>> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
>> Envoyé : samedi 5 avril 2014 00:04
>> À : users@flex.apache.org
>> Objet : RE: access PDF doc from inside Flex app but not outside?
>>
>> If your app is contained in a JEE Web App, you could probably write a
>> servlet to download the PDF securely, using a "security token" or something.
>> The Flex App would simply request the servlet through its url to get the
>> PDF, and pass it the security token.
>>
>> Makes sense ?
>>
>> Maurice
>>
>> -----Message d'origine-----
>> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
>> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access PDF doc
>> from inside Flex app but not outside?
>>
>> I have a desktop Flex app that users register and login. I need to
>> provide these users access to technical documents in PDF format. However, I
>> don't want to put these docs in my server's public_html directory because
>> then any visitor can potentially view them. Is there any way for the Flex
>> app to open these PDF files in a new browser window, while preventing their
>> access by website visitors? That is, the files can only be opened when
>> logged into the app, and not by copying and pasting a link in an email that
>> goes to someone else for them to open in any browser.
>>
>> I understand the user can simply download the PDF file and e-mail it if
>> he/she really wants to (I'm just trying to make it a little more difficult).
>>
>> I was thinking maybe there was a way to place the PDF files somewhere in
>> the Java application server since only Flex has access there (a firewall
>> blocks website visitors). Thought maybe someone ran into this before and
>> could help me see what's possible.
>>
>>
>
Re: access PDF doc from inside Flex app but not outside?
Posted by Eugene Ramirez <ra...@gmail.com>.
I have files stored on the server which can either be inside a database or
some other file the servlet has access but not under the public_html
directory and while I'm using JBOSS the servlet is the one that returns the
file the user has requested.
The piece of code the servlet executes is:
//find out the filename using some logic and checking if the user has
access rights
//once I have it I execute the following code:
File file=new File(filename);
if (file.exists()){
resp.setContentType("application/x-download");
resp.setHeader("Content-Disposition", "attachment; filename=" +
clientFilenameToBeSavedAs);
returnFile(filename, resp.getOutputStream());
}else{
//System.out.println("file DOES NOT exist:" + filename);
//error handling goes here
}
returnFile method
public static void returnFile(String filename, OutputStream out)
throws FileNotFoundException, IOException {
InputStream in = null;
try {
in = new BufferedInputStream(new FileInputStream(filename));
byte[] buf = new byte[4 * 1024]; // 4K buffer
int bytesRead;
while ((bytesRead = in.read(buf)) != -1) {
out.write(buf, 0, bytesRead);
}
} finally {
if (in != null) in.close();
}
}
My FLEX code that will call the servlet method:
private function startDownloadingFile(attachment:Attachment):void{
if (_downloadFileRef==null) _downloadFileRef=new FileReference();
var req:URLRequest=new URLRequest(SERVER_URL);
var variables:URLVariables=new URLVariables();
variables.command=DOWNLOAD_ATTACHMENT;
variables.attachmentId=attachment.id;
variables.sessionId=Params.getInstance().get("sessionId");
req.data=variables;
_downloadFileRef.addEventListener(ProgressEvent.PROGRESS,
downloadFileRef_progress);
_downloadFileRef.addEventListener(Event.COMPLETE, downloadFileRef_complete);
_downloadFileRef.addEventListener(Event.CANCEL,downloadFileRef_cancel);
try{
mx.managers.CursorManager.setBusyCursor();
_downloadFileRef.download(req,attachment.filename);
}catch(error:Error){
mx.managers.CursorManager.removeBusyCursor();
Alert.show("unable to download file","Error downloading file");
}
}
Note: My user has already been authenticated by the server and has a
sessionId that is unique to the user. On the server I have this sessionId
stored with a reference to the user. Anytime someone wants to download a
file I check the sessionId and see if its:
1) Valid
2) The filename the user is trying to download has access to download the
file
The servlet goes and gets the file that is not in a public directory and
sends it over.
Others might have a different method of doing this but this works for me.
Hopefully this helps.
Ruben
On Fri, Apr 4, 2014 at 3:28 PM, Maurice Amsellem <
maurice.amsellem@systar.com> wrote:
> >how does the servlet open the PDF in a new (client) browser window
> It's not the servlet, it's the flex app that is responsible of opening the
> new window.
> The servlet will simply read the bytes of the PDF file and write them to
> the output stream, as if it was a static file (that what the http server
> does actually)
>
> > And when it does open the PDF in a new browser window, wouldn't the full
> URL including token be shown in the browser (if so, someone could copy this
> URL and e-mail to someone else to open it)?
> The "security token" would be valid for the current user session only. You
> could for example use the jsessionid as a key (or something similar).
> So if someone else that is not logged tries the same url, it will not work.
>
> Maurice
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net]
> Envoyé : samedi 5 avril 2014 00:23
> À : users@flex.apache.org
> Objet : Re: access PDF doc from inside Flex app but not outside?
>
> I call a few Java servlets in my app using HTTPService(), although my app
> is not contained in a JEE Web App as far as I know.
>
> Let me see if I follow... the servlet is called from within Flex using a
> specific URL. I can append some text representing a "security token" on
> that URL, which the servlet validates then ... hmm, how does the servlet
> open the PDF in a new (client) browser window (maybe you can refer me to a
> specific command I can research to figure that out)?
>
> And when it does open the PDF in a new browser window, wouldn't the full
> URL including token be shown in the browser (if so, someone could copy this
> URL and e-mail to someone else to open it)?
>
>
> ----- Original Message -----
>
> From: "Maurice Amsellem" <ma...@systar.com>
> To: users@flex.apache.org
> Sent: Friday, April 4, 2014 3:05:50 PM
> Subject: RE: access PDF doc from inside Flex app but not outside?
>
> Then the PDF files would be stored in the private area of the web-app
> (under WEB-INF) , so they can't be accessed directly.
>
> There are probably variants of this, but I think you get the idea.
>
> -----Message d'origine-----
> De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
> Envoyé : samedi 5 avril 2014 00:04
> À : users@flex.apache.org
> Objet : RE: access PDF doc from inside Flex app but not outside?
>
> If your app is contained in a JEE Web App, you could probably write a
> servlet to download the PDF securely, using a "security token" or something.
> The Flex App would simply request the servlet through its url to get the
> PDF, and pass it the security token.
>
> Makes sense ?
>
> Maurice
>
> -----Message d'origine-----
> De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé :
> vendredi 4 avril 2014 23:45 À : apache flex users Objet : access PDF doc
> from inside Flex app but not outside?
>
> I have a desktop Flex app that users register and login. I need to provide
> these users access to technical documents in PDF format. However, I don't
> want to put these docs in my server's public_html directory because then
> any visitor can potentially view them. Is there any way for the Flex app to
> open these PDF files in a new browser window, while preventing their access
> by website visitors? That is, the files can only be opened when logged into
> the app, and not by copying and pasting a link in an email that goes to
> someone else for them to open in any browser.
>
> I understand the user can simply download the PDF file and e-mail it if
> he/she really wants to (I'm just trying to make it a little more difficult).
>
> I was thinking maybe there was a way to place the PDF files somewhere in
> the Java application server since only Flex has access there (a firewall
> blocks website visitors). Thought maybe someone ran into this before and
> could help me see what's possible.
>
>
RE: access PDF doc from inside Flex app but not outside?
Posted by Maurice Amsellem <ma...@systar.com>.
>how does the servlet open the PDF in a new (client) browser window
It's not the servlet, it's the flex app that is responsible of opening the new window.
The servlet will simply read the bytes of the PDF file and write them to the output stream, as if it was a static file (that what the http server does actually)
> And when it does open the PDF in a new browser window, wouldn't the full URL including token be shown in the browser (if so, someone could copy this URL and e-mail to someone else to open it)?
The "security token" would be valid for the current user session only. You could for example use the jsessionid as a key (or something similar).
So if someone else that is not logged tries the same url, it will not work.
Maurice
-----Message d'origine-----
De : modjklist@comcast.net [mailto:modjklist@comcast.net]
Envoyé : samedi 5 avril 2014 00:23
À : users@flex.apache.org
Objet : Re: access PDF doc from inside Flex app but not outside?
I call a few Java servlets in my app using HTTPService(), although my app is not contained in a JEE Web App as far as I know.
Let me see if I follow... the servlet is called from within Flex using a specific URL. I can append some text representing a "security token" on that URL, which the servlet validates then ... hmm, how does the servlet open the PDF in a new (client) browser window (maybe you can refer me to a specific command I can research to figure that out)?
And when it does open the PDF in a new browser window, wouldn't the full URL including token be shown in the browser (if so, someone could copy this URL and e-mail to someone else to open it)?
----- Original Message -----
From: "Maurice Amsellem" <ma...@systar.com>
To: users@flex.apache.org
Sent: Friday, April 4, 2014 3:05:50 PM
Subject: RE: access PDF doc from inside Flex app but not outside?
Then the PDF files would be stored in the private area of the web-app (under WEB-INF) , so they can't be accessed directly.
There are probably variants of this, but I think you get the idea.
-----Message d'origine-----
De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
Envoyé : samedi 5 avril 2014 00:04
À : users@flex.apache.org
Objet : RE: access PDF doc from inside Flex app but not outside?
If your app is contained in a JEE Web App, you could probably write a servlet to download the PDF securely, using a "security token" or something.
The Flex App would simply request the servlet through its url to get the PDF, and pass it the security token.
Makes sense ?
Maurice
-----Message d'origine-----
De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé : vendredi 4 avril 2014 23:45 À : apache flex users Objet : access PDF doc from inside Flex app but not outside?
I have a desktop Flex app that users register and login. I need to provide these users access to technical documents in PDF format. However, I don't want to put these docs in my server's public_html directory because then any visitor can potentially view them. Is there any way for the Flex app to open these PDF files in a new browser window, while preventing their access by website visitors? That is, the files can only be opened when logged into the app, and not by copying and pasting a link in an email that goes to someone else for them to open in any browser.
I understand the user can simply download the PDF file and e-mail it if he/she really wants to (I'm just trying to make it a little more difficult).
I was thinking maybe there was a way to place the PDF files somewhere in the Java application server since only Flex has access there (a firewall blocks website visitors). Thought maybe someone ran into this before and could help me see what's possible.
Re: access PDF doc from inside Flex app but not outside?
Posted by mo...@comcast.net.
I call a few Java servlets in my app using HTTPService(), although my app is not contained in a JEE Web App as far as I know.
Let me see if I follow... the servlet is called from within Flex using a specific URL. I can append some text representing a "security token" on that URL, which the servlet validates then ... hmm, how does the servlet open the PDF in a new (client) browser window (maybe you can refer me to a specific command I can research to figure that out)?
And when it does open the PDF in a new browser window, wouldn't the full URL including token be shown in the browser (if so, someone could copy this URL and e-mail to someone else to open it)?
----- Original Message -----
From: "Maurice Amsellem" <ma...@systar.com>
To: users@flex.apache.org
Sent: Friday, April 4, 2014 3:05:50 PM
Subject: RE: access PDF doc from inside Flex app but not outside?
Then the PDF files would be stored in the private area of the web-app (under WEB-INF) , so they can't be accessed directly.
There are probably variants of this, but I think you get the idea.
-----Message d'origine-----
De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
Envoyé : samedi 5 avril 2014 00:04
À : users@flex.apache.org
Objet : RE: access PDF doc from inside Flex app but not outside?
If your app is contained in a JEE Web App, you could probably write a servlet to download the PDF securely, using a "security token" or something.
The Flex App would simply request the servlet through its url to get the PDF, and pass it the security token.
Makes sense ?
Maurice
-----Message d'origine-----
De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé : vendredi 4 avril 2014 23:45 À : apache flex users Objet : access PDF doc from inside Flex app but not outside?
I have a desktop Flex app that users register and login. I need to provide these users access to technical documents in PDF format. However, I don't want to put these docs in my server's public_html directory because then any visitor can potentially view them. Is there any way for the Flex app to open these PDF files in a new browser window, while preventing their access by website visitors? That is, the files can only be opened when logged into the app, and not by copying and pasting a link in an email that goes to someone else for them to open in any browser.
I understand the user can simply download the PDF file and e-mail it if he/she really wants to (I'm just trying to make it a little more difficult).
I was thinking maybe there was a way to place the PDF files somewhere in the Java application server since only Flex has access there (a firewall blocks website visitors). Thought maybe someone ran into this before and could help me see what's possible.
RE: access PDF doc from inside Flex app but not outside?
Posted by Maurice Amsellem <ma...@systar.com>.
Then the PDF files would be stored in the private area of the web-app (under WEB-INF) , so they can't be accessed directly.
There are probably variants of this, but I think you get the idea.
-----Message d'origine-----
De : Maurice Amsellem [mailto:maurice.amsellem@systar.com]
Envoyé : samedi 5 avril 2014 00:04
À : users@flex.apache.org
Objet : RE: access PDF doc from inside Flex app but not outside?
If your app is contained in a JEE Web App, you could probably write a servlet to download the PDF securely, using a "security token" or something.
The Flex App would simply request the servlet through its url to get the PDF, and pass it the security token.
Makes sense ?
Maurice
-----Message d'origine-----
De : modjklist@comcast.net [mailto:modjklist@comcast.net] Envoyé : vendredi 4 avril 2014 23:45 À : apache flex users Objet : access PDF doc from inside Flex app but not outside?
I have a desktop Flex app that users register and login. I need to provide these users access to technical documents in PDF format. However, I don't want to put these docs in my server's public_html directory because then any visitor can potentially view them. Is there any way for the Flex app to open these PDF files in a new browser window, while preventing their access by website visitors? That is, the files can only be opened when logged into the app, and not by copying and pasting a link in an email that goes to someone else for them to open in any browser.
I understand the user can simply download the PDF file and e-mail it if he/she really wants to (I'm just trying to make it a little more difficult).
I was thinking maybe there was a way to place the PDF files somewhere in the Java application server since only Flex has access there (a firewall blocks website visitors). Thought maybe someone ran into this before and could help me see what's possible.
RE: access PDF doc from inside Flex app but not outside?
Posted by Maurice Amsellem <ma...@systar.com>.
If your app is contained in a JEE Web App, you could probably write a servlet to download the PDF securely, using a "security token" or something.
The Flex App would simply request the servlet through its url to get the PDF, and pass it the security token.
Makes sense ?
Maurice
-----Message d'origine-----
De : modjklist@comcast.net [mailto:modjklist@comcast.net]
Envoyé : vendredi 4 avril 2014 23:45
À : apache flex users
Objet : access PDF doc from inside Flex app but not outside?
I have a desktop Flex app that users register and login. I need to provide these users access to technical documents in PDF format. However, I don't want to put these docs in my server's public_html directory because then any visitor can potentially view them. Is there any way for the Flex app to open these PDF files in a new browser window, while preventing their access by website visitors? That is, the files can only be opened when logged into the app, and not by copying and pasting a link in an email that goes to someone else for them to open in any browser.
I understand the user can simply download the PDF file and e-mail it if he/she really wants to (I'm just trying to make it a little more difficult).
I was thinking maybe there was a way to place the PDF files somewhere in the Java application server since only Flex has access there (a firewall blocks website visitors). Thought maybe someone ran into this before and could help me see what's possible.