I need to limit the files to be download without authencitation. Such as
If a user knows the path and the filename of download file, he could download the file via HTTP GET. I want the user to login the system before he download the files. Is a servlet which is mapping to /download/* could protect the download?
the second problem is:
the files to be downloaded are not in the folder of the webapp, I need a servlet to read the files, then send to the clients. could anybody help me?
Any responses are appreciated.
You could use a filter that checks if the requested resource needs a login and continue the request processing if eveything is ok, or forwards to an error page otherwise.
Best regards, Mircea
See for example Download servlet in JSOS:
You can protect your resources thru
security-constraint tag in web.xml