file download in spring mvc - spring

in my home page I want to display user guide in two different format ( pdf and word) these documents were already created by technical writers and I want to show the download links to these documents in home page after the user successfully logged in. I can achieve this easily by putting these two documents in one folder up to the 'WEB-INF' but it will enable anyone can download these files(without logging in). Could you advise whats the best way to handle this in spring mvc 2.5

I guess you already have some security support, so you can check whether user is logged in inside a controller code.
Then you can put your files into /WEB-INF folder and create a special controller for serving these files to the logged users. This controller will check that user is logged in and then forward a request to the target file. In typical Spring MVC configurations you can forward a request by returning something like forward:/WEB-INF/myFile.pdf as a view name.
Alternatively, if you use some security library, such as Spring Security, you can use its features to secure access to your files. In that case you don't need to put them into /WEB-INF and implement a specifal controller for accessing them.

Related

How to launch and serve subpage from my webapplication?

I am using Spring to create a web application in which a user can upload a zipped folder containing an index.html file along with all it's resources(pretty much like an Adobe captivate generated webpage). The user should be able to request the uploaded web pages in the form of inner web pages.
I can only go as far as unzipping the folder itself, but I have no idea how to launch the index.html present inside the zipped folder.
How do I achieve this?
Quite honestly Spring has no restrictions or advantages over
displaying your subpages inside another page. However you can use Spring MVC to dynamically serve the web pages from the uploaded folder.
More over you have to play the tricks from browser side. Going with iFrame seems to be the best option from client side, though there are many other options. Please check this thread.
You can write some smart APIs in SpringController which accepts the folder path or folder name as parameter, picks the necessary pages from the requested folder and serves the user.
Another approach could be to use a headless browser for the server side rendering and give the output as screenshots to client. This can render the pages server side. Please check this thread for more details.
I hope this helps you!

Serving list of files via a spring boot application

I have a spring boot application. my js files and other static files are under /static and when i type something like "http://application ip:port/file1.txt and file1.txt" is under /static, i am able to see it.
But i want to create a directotry say "/static/mydownloads" and want the list of files to be displayed that user can download say
"http://application ip:port/static/mydownloads" must display list of files i can download
"file1d.txt`
file2d.txt
file3d.txt"
and person can download it by clicking on it. I tried resolvers and other random things but it did not work
I suppose you want something like most HTTP daemons have, a directory listing. Well, if you want something like that in Spring Boot, you'll have to develop it by yourself.
First of all, you need a controller. You'll have to loop over all files in a specific directory manually, probably using java.io.File. More information about that can be found in this answer:
How do I iterate through the files in a directory in Java?
Then you'll have to convert the file listing to a model, and use Spring MVC to display a listing of those files.
Spring boot lists /static as a resource folder automatically so it will have to override or extend that functionality to have /static be handled by multiple controllers. https://spring.io/blog/2013/12/19/serving-static-web-content-with-spring-boot
The easiest is probably to hook up a different controller for /mydownloads instead and let it list all the static resources available in /static/mydownloads.

Customized look on first login

I'm working on a java Spring webapp. There is requirement that each user will have possibility to customize the webapp look & feel. I'd like if the user will see the customized look, even on his first login. How would you do that?
My ideas are for the time being
multiple contexts(per customer), but it is not dynamic
send user a link with some attribute, then set the custom info to cookies
in Spring I can possibly create some path variable (#RequestMapping(value = "/{customerId}/login"))
just create universal login page, which will be not customizable
How would you achieve that?
If you want to offer customized looks to every user, you can use use Portlets. Spring also supports Portlet development.
You can give separate URLs to each user, could be using sub-domain or url parameters. Then fetch the request URL in your handling page to deliver specific look-n-feel.
You could also try to explore GrooveUI, which is a third party tool that allows you to define website theme based on access URL.

Using Spring Security in Grails to restrict content access

Let me start off again again by saying that I am still new to Grails and Spring Security. I have been doing my best to sift through the documentation and examples and samples. It all has made me a bit confused or overwhelmed.
I am trying to use Spring to manage user access to information. I have a site framed. I want the admin to be able to add people, locations connected to the people and images of the locations. The picture is connected to the person. I want the people that log-in to be able to see their pictures, only.
Is it better or best practice to do this with sec tags or #Secure annotations or a combination? Which is the most secure? I have restricted access using sec:tags. Is there a sec:tag I can use to select the pictures to be displayed?
I think you can look at this in a simpler way. There are basically 3 ways to manage security with the basic plugin install.
#Secured - This allows you to lock down access to an entire Controller and / or individual actions. Think of this as locking down a URL to a specific set of roles. Changes to this level of security will require a redeploy.
Request Map - You get the same benefit as #Secured with the added bonus of being able to modify Controller / action security in a running environment vs having to do a redeploy.
sec tags - These allow you to lock down the rendering of views. For example, to allow an edit button to show up for one role while hiding it for another role. The sec tags are used in combination with the above methods.
That's really basically it. None of the above are more or less secure than the other. What some people seem to confuse is the concept of "my data" and how Spring Security handles that. If, in a Controller, you want a user to be able to access only their "pictures", you should just query for "pictures" based on the authenticated user.
def authenticatedUser = User.findByUsername(springSecurityService.principal.username)
def pictures = Picture.findAllByUser(authenticatedUser)
The view then only cares about what pictures you sent to it. Each logged in user will then only see their pictures. If the admin is logged in, and needs to see ALL the pictures, you might do something like this:
def authenticatedUser = User.findByUsername(springSecurityService.principal.username)
if (SpringSecurityUtils.ifAllGranted("ROLE_ADMIN")) {
def pictures = Pictures.list()
}
However, I'd probably just have a separate Controller for administrative purposes versus trying to do too much logic in one Controller. Or, move the logic to a Service.
Hope this helps.

Sitemesh different decorators for the same URL

I'm using urlrewriteFilter (org.tuckey.web.filters.urlrewrite.UrlRewriteFilter) to forward pages like www.mysite.com/myname to a Struts2 action. The action is mapped up in sitemesh, and it works properly.
But now I want to keep the same URL but apply another decorator to the page, based on whether the user is logged in or not.
I'm using AppFuse-stack Struts2.
Ok - since no-one else looks like having a go.
Sitemesh selects the decorators based on the incoming url string, so to have different decorators you need different urls depending on the login status of your client. AFAIK Sitemesh uses the entire Url string so this includes parameters so you might get away with appending ?loggedIn="true" or ?loggedIn="false" and map the decorators on this. However this doesn't help with POST requests.
Another way to do it would be to create two Struts packages - one for logged in users and one for anonymous users so your actions will have different paths and then map on the path part of the Url.
I don't know how practical this might be in your scenario, but a third option maybe to have one common decorator and control the layout via seperate stylesheets which you could control via a test in your jsp.
HTH
Regards

Resources