Streaming blob from servlet, security constraint problem?
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Joacim_Turesson
Posted On:   Saturday, May 4, 2002 02:09 AM

Hi! I have written an action class in using Struts that streams a Blob from the database. In this case the blob is a pdf file. I use IE 6.0 and if I run it without security constraints it works fine, but when I add security constraints it stops working. I get a download window, that only allows saving (and cancel) the pdf file but it also fails. I use a java script like this: function openDocument(url) { var location = url var name = 'Document' var settings = 'menubar=no,directories=no,toolbar=no,status=no,location=no' var documentWin = window.open(location, name, settings);    More>>


Hi!



I have written an action class in using Struts that streams a Blob from the database.

In this case the blob is a pdf file.



I use IE 6.0 and if I run it without security constraints it works fine, but when I add security constraints it stops working.

I get a download window, that only allows saving (and cancel) the pdf file but it also fails.



I use a java script like this:



function openDocument(url) {

var location = url

var name = 'Document'

var settings = 'menubar=no,directories=no,toolbar=no,status=no,location=no'

var documentWin = window.open(location, name, settings);

};



from the main window and the url contains a request to the Action class that streams the Blob.



The action class look like this:

...

response.setContentType("application/pdf");

int pos=0;

int length=0;

byte[] b = new byte[blob.getChunkSize()];

OutputStream os = response.getOutputStream();

while((length=is.read(b))!= -1){

pos+=length;

os.write(b);

}

...



I use Tomcat 4.0.3 and my security constraints look like this:







Secure All resources

/*





user







I'm using FORM based login.



I guess it has to do with the javascript and security...



Thanks in advance.



/Regards Joacim Turesson

   <<Less

Re: Streaming blob from servlet, security constraint problem?

Posted By:   Joacim_Turesson  
Posted On:   Monday, May 6, 2002 12:56 AM


Hi.



I tested with removing:
/*



An instead added:

*.jsp

*.html

start.do

...

end.do



and not added document.do, i.e. not secure.



And it worked...



So I have a problem with Tomcat 4.0.3 and security when streming a file from a secure resource.



/Regards Joacim Turesson

About | Sitemap | Contact