I have a simple web application that allows the user to download and access files. When a user accesses a downloaded file, the server must support all types of headers, such as Accept-Ranges, so that responses to partial content can be made in large media files. DefaultServlet (in Tomcat) does a great job with the serveResource () method called by doGet (), so I would like to use DefaultServlet for uploaded files. It is quite simple in normal conditions, since it is a DEFAULT servlet, but, unfortunately, for my case I can’t find a way to use the default servlet.
To prevent the removal of downloaded files when redistributing webapp, I need to save them outside the webapp directory. These files should only be accessible to the user who downloaded them, so I created javax.servlet.Filter to handle access authorization for resources. I know that if I add a new context to server.xml for the external resource directory, they will be available and DefaultServlet will be used.
<Context docBase="/path/to/resources" path="/resource" />
But I do not want to do this, because then I need to invasively modify server.xml, which is not recommended ( for reasons ), and when the context exists for the / resource path, my filter for this url-mapping will not be called. Therefore, I do not think that creating a new context is a good solution.
The only other solution I can come up with is to create a servlet for all requests in '/ resource / *' that extends the DefaultServlet and somehow redefines the functionality that the requested file will receive instead at its actual external location, rather than return 404 on a nonexistent resource in webapp. However, I could not find an easy way to convert DefaultServlet to one that can extract files external to the webapp directory. Maybe there is a way?
How can I handle this?
source
share