I have a Play application that creates files in the public folder when a user is in session. These files are like working files.
Now, with multiple users working at the same time, I want to restrict a user to his working files and not someone else's.
How do I achieve this ?
What I thought of :
Have uuid based file name
Store the files in the root of Application and send files to javascript using Java controller
Authenticating before using any file
You can use some authentication framework(like SecureSocial or Silhouette) and then manage files from controller. Once you are in SecuredAction or UserAwareAction you can get user identity and access the right file based on some propery of defined identity
Related
I have a rather simple question. I have a controller with two endpoints
/newFile
/downloadFile/{fileName}
/newFile endpoint creates a simple .txt file under resources
and my expectation would be to hit /downloadFile/{fileName} and download the newly created resource.
Resource res = new ClassPathResource(fileName);
so as it turned out classpath resource looks under build/resources and the file is not yet there (because I haven't restarted/rebuild the app, once I do it - I can download the file) but the whole idea is to dynamically generate files and access them immediately - is there a quick way to bypass this without having to rebuild?
I too had the same problem when I was working on FACE Recognition API which has the same process of creating a file and and uploading it to analysis.
What java does is It abstracts project to JVM and runs on it, So your newly created file won't be in the JVM, What you need to do is to use a Database or any cloud storage or NFS.
According to my perspective Using Database is the best option. Code Java How to upload files to database with Servlet, JSP and MySQL and Javatpoint store file in Oracle database are some documents you can refer for using a database.
you can refer to this document for implementing your project.
So I have a microservice app that does image processing with ImageJ which I have created a microservice using spring boot.
Often the image I am trying to load is coming from a samba share mapped to a directory like p:/
I have an issue that is ONLY happening when I execute the spring boot app as a JAR directly. If I execute it directly from STS using the tool executors it works fine. As well, the file is readable, viewable etc.
File f = new File("P:\\Stamps\\_Temp\\Img001.jpg");
BufferedImage image = ImageIO.read(f);
This will result in
javax.imageio.IIOException: Can't read input file!
at java.desktop/javax.imageio.ImageIO.read(ImageIO.java:1308) ~[na:na]
For debugging purposes I had it print out the .exist() and .canRead() - when executed in STS (Eclipse) these both return true, however from the JAR it will return false. More over if I try to access the image directly from a local folder (say c:\my-images) it works fine. So my assumption is there is some thing restricting access to these Network shared files when accessed from within a Jar (only).
I have not been able to find any reference information via searches to this on the usage of File so I am wondering if there is a spring boot configuration that is blocking this access (mainfest setting etc), or if it is a restriction of executing class byte-code from within a JAR?
So networked Mapped Drives in Windows can be accessed if you track back to the remote name and replace that drive letter with the appropriate mapping name. This thread covers an example where they do that: https://gist.github.com/digulla/31eed31c7ead29ffc7a30aaf87131def they key here is to replace the "P:" with "\server\path"
Again does not explain why this fails via Jar access vs. class exploded access, but at least it covers a workaround. For my use I might just simply use a mapping file since while I use the Network Mapping, I do not know how common this would be for other users and asking them to set some configuration in application.properties does not seem ridiculous for those cases. Still if anyone has insights into WHY we get different behavior inside and outside the Jar execution I'd be curious (or whether there is some spring-boot property in the manifest that needs to be set)
I am developing a web application (deployed on Jboss6) which reads files from base/ro1 and base/ro2, but also creates new files into base/rw. Files can also be deleted from base/rw.
Is there a way to apply a global security policy for this application which can define these restrictions, on the lines of http://docs.oracle.com/javase/7/docs/technotes/guides/security/spec/security-spec.doc3.html?
The application also exposes API to access/manipulate files in these directories. For eg. if I provide an API with a url api/delete?name=file1, I want the delete api to only be able to delete a file under base/rw/. And a url similar to api/delete?name='../ro/*' should be restricted.
My project is an EJB. I want to store image in the oracle database. I understand its more efficient to store the file path in database and the images in a folder. My folder "images" is located in ejb. Please if the image is java.jpg, how do I construct the file path? I have tried both images/java.jpg and images\java.jpg and none worked.
The real path to the image location is "C:\Users\Kate\Documents\NetBeansProjects\Kate_Assig\Kate_Assig-ejb\images" and "Kate_Assig-ejb" is the ejb project and that's where the images folder that contains the images is.
The challenge I have right now is to store the file path in database. I have tried this option "..\images\java.jpg" and it didn't work. It didn't work because images are not displayed when I query the table from the client side.
The client is web application.
Let say that you stored image in some directory and its path in database and you have just JEB module, though you want to access images over web using URL. What you need to understand is that EJB does not provide web access. You have to create web module as well and configure it to serve your images.
There shall be servlet that accepts image identifier in parameter or in path. It will then load path from database, open the file and return it back. If you store the file in some public place within web module (not under WEB-INF) then you do not need to use database at all. The parameter / path could be constructed that it holds enough information to find and serve it.
There is some tutorial on web module by Oracle: http://docs.oracle.com/javaee/5/tutorial/doc/bnadx.html Basicly you need to create a war file with following structure:
index.jsp
WEB-INF\
classes\
lib\
web.xml
Directory WEB-INF is protected and browser cannot access it. It contains classes directory to store web module classes, lib folder for dependencies (ejb module jar, libraries) and web.xml. This file is important as it defines your servlets, filters and URL mappings.
You can study following samples to implement your solution that will serve images stored on filesystem:
http://www.java2s.com/Code/Java/Servlets/Sendworddocument.htm
http://www.javatpoint.com/example-to-display-image-using-servlet
I hope that this will help you to proceed.
I want to create a neat project that can help me in future to update. I am about to complete my project and now I want to place different files in different folders based on their privileges like a folder named Admin where all corresponding .jsp and/or servelt having Admin privilege are placed together and also how can i create a filter to check whether a user is authorized to access any jsp and/or servlet in that folder or not. I am denied to upload my projects image due to lack of reputations..
this is how usually projects are:
Web Pages
certain Admin .jsp's
Source
certain Admin servlets
I want to place all the Admin jsp/servlet in a folder and create a filter to check whether a user is authorized or not
Upto my knowledge
That is not possible directly for Servlets different package can be created and similarly a folder can be created for jsp and to control these a filter can be created but you need to filter-map those independently.. So a better way is to check on the top of servlet or jsp whether a user is authenticated to view it or not...