Posted to users@tomcat.apache.org by Mark Leone <mi...@cox.net> on 2005/03/19 05:45:37 UTC

Authentication for streaming file (OT)

Slightly off-topic -- Tomcat related

I have a servlet that is invoked by clicking a hyperlink that is 
rendered by a JSP running in Tomcat. The servlet receives a file path 
parameter in the HTTP request, and then streams that file to the 
requesting client. I have a <security-constraint/> defined in Tomcat for 
the JSP, requiring basic password authentication. However, if I define 
the <security-constraint/> so that it applies to the servlet also, then 
the following error occurs when the servlet attempts to stream the file 
to the client.

The browser presents the file info and prompts to save or open the file, 
but then when the actual streaming is attempted, the browser reports 
that the site is unreachable. This is apparently caused by the lack of 
any authentication during the file streaming operation, because when I 
define the <security-constraint/> so that it applies to the JSP but not 
the servlet, the problem does not occur. I don't really understand why 
it behaves this way, since the servlet was invoked with proper 
authorization, and the problem occurs only when the servlet starts 
streaming a file to the client. But it does seem to be an authorization 
problem, since it goes away when I don't constrain the servlet for 
authentication. I can operate this way, but then my JSP is protected and 
the servlet is not.

Is there a way to specify authentication parameters during the file 
streaming operation? Does anyone have an explanation for what I'm 
experiencing? Here's my servlet code:

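package FileSnatcher;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;

import javax.activation.MimetypesFileTypeMap;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class FileSender extends HttpServlet {

  protected void doGet(HttpServletRequest request,
                       HttpServletResponse response)
      throws ServletException, IOException {

    // The "file" parameter is used as a file system path exactly as received.
    String filename = request.getParameter("file");
    if (filename == null) {
      response.sendError(HttpServletResponse.SC_BAD_REQUEST);
      return;
    }
    File file = new File(filename);
    if (!file.isFile()) {
      response.sendError(HttpServletResponse.SC_NOT_FOUND);
      return;
    }

    // Look up the content type from the JDK's mime.types table.
    MimetypesFileTypeMap mimeTypes = new MimetypesFileTypeMap
        ("C:\\Program Files\\Java\\jdk1.5.0_01\\lib\\mime.types");
    String mime = mimeTypes.getContentType(file);
    response.setContentType(mime);
    response.setHeader("Content-Disposition", "attachment; "
        + "filename=\"" + file.getName() + "\"");

    // Copy the file to the response; the input stream is closed even if the copy fails.
    try (InputStream in = new FileInputStream(file)) {
      OutputStream out = response.getOutputStream();
      byte[] buf = new byte[1024];
      int i;
      while ((i = in.read(buf)) != -1) {
        out.write(buf, 0, i);
      }
      out.close();
    }
  }
}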

And here's my web.xml. With this configuration, the file download fails 
as described above. To make it work, I remove the second <url-pattern/> 
element as indicated.

<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
 "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">

<web-app>

  <display-name>File Port</display-name>

  <description>
    Makes files available through the web container
  </description>

  <servlet>
    <servlet-name>FilePort</servlet-name>
    <description>
      Retrieves specified file and sends it to requester
    </description>
    <servlet-class>FileSnatcher.FileSender</servlet-class>
  </servlet>

  <servlet-mapping>
    <servlet-name>FilePort</servlet-name>
    <url-pattern>/FilePort</url-pattern>
  </servlet-mapping>

  <!-- Define a Security Constraint on this Application -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>FileSnatcher</web-resource-name>
      <url-pattern>*.jsp</url-pattern>
      <url-pattern>/FilePort</url-pattern> <!-- remove this to make it work -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>manager</role-name>
    </auth-constraint>
  </security-constraint>

  <!-- Define the Login Configuration for this Application -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>JDBCRealm</realm-name>
  </login-config>

  <!-- Security roles referenced by this web application -->
  <security-role>
    <description>
      The role that is required to log in to the Manager Application
    </description>
    <role-name>manager</role-name>
  </security-role>

</web-app>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
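
An added example, not part of the original post or of Tomcat: FileSender opens whatever path arrives in the "file" parameter, so every client that can reach /FilePort can request any file the Tomcat process can read, and with the /FilePort pattern removed from the <security-constraint/> no login is required either. One way to confine the parameter to a single download directory is sketched below; DownloadResolver, the directory layout and the sample names are assumptions made for the illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

// Added example: confines the "file" request parameter to one download root.
// DownloadResolver and the directory layout are assumptions, not from the post.
public class DownloadResolver {

    private final Path root;

    public DownloadResolver(Path root) throws IOException {
        // Resolve symlinks in the root once so later comparisons are reliable.
        this.root = root.toRealPath();
    }

    /** Returns the real path of a regular file under root, or null to refuse. */
    public Path resolve(String requested) {
        if (requested == null || requested.isEmpty()) {
            return null;
        }
        try {
            // resolve() returns `requested` unchanged when it is absolute, and
            // toRealPath() collapses ".." and follows symlinks, so the
            // startsWith() check below sees where the file really lives.
            Path real = root.resolve(requested).toRealPath();
            return real.startsWith(root) && Files.isRegularFile(real) ? real : null;
        } catch (InvalidPathException | IOException e) {
            return null; // malformed name or missing file: same refusal
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/downloads/report.txt and <tmp>/secret.txt
        Path tmp = Files.createTempDirectory("fileport");
        Path downloads = Files.createDirectory(tmp.resolve("downloads"));
        Files.write(downloads.resolve("report.txt"), "ok".getBytes());
        Path secret = Files.write(tmp.resolve("secret.txt"), "no".getBytes());

        DownloadResolver r = new DownloadResolver(downloads);
        String[] samples = { "report.txt", "../secret.txt", secret.toString(), "missing.txt" };
        for (String s : samples) {
            System.out.println(s + " -> " + (r.resolve(s) != null ? "serve" : "refuse (404)"));
        }
    }
}
```

In a servlet, doGet would call resolve() on the parameter and answer a null result with sendError(404) before any stream is opened; only report.txt is served in the constructed run.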


How to speed up development with AppServer

Posted by Peter Neu <pe...@gmx.net>.
Hello,

when I develop my web applications I use JIdea
and have Tomcat integrated in the IDE, so I start it
every time I have made changes and wish to test them.
This process takes quite some time on my Pentium 4 1.6 GHz.
Tomcat starts up in 8-10 sec and then it takes some time for the JSPs
to be compiled.

I was wondering if I can speed up this process when I make
use of an Application Server with Hot Deploy. Does that make
sense for an application which is only based on a Servlet
Container? Can I make up some time or will it take
the same time in the end?

Best Regards,

Peter



Re: Authentication for streaming file (OT)

Posted by Mark Leone <mi...@cox.net>.
Yes, that's exactly my problem. It only fails with HTTPS connections on IE. It works with Firefox (using the built-in 
download manager or Flashgot) as well as Safari on a Mac. Nice to see, according to a posting in the BZ link you provided, that M$ has decided to label it a feature rather than a bug.

I applied the workaround you described in BZ #27122, and it now works properly with all resources of the 
web app protected by a <security-constraint/>.

Thanks for pointing me to the solution.

-Mark



Bill Barker wrote:

>Have you tried other browsers than MSIE?  If it works for FireFox, then 
>you've probably hit http://issues.apache.org/bugzilla/show_bug.cgi?id=28750.


Re: Authentication for streaming file (OT)

Posted by Bill Barker <wb...@wilshire.com>.
Have you tried other browsers than MSIE?  If it works for FireFox, then 
you've probably hit http://issues.apache.org/bugzilla/show_bug.cgi?id=28750.