How to protect pdf file with Tomcat filters?_问答_开发者

How to protect pdf file with Tomcat filters?

开发者 https://www.devze.com 2023-03-08 23:16 出处：网络

HI, I am currently running a tomcat instance with struts 1 and I would like tomcat to detect when pdf files are requested in the URL (For example of a link: http://www.***.com/files/action=download&a

HI,

I am currently running a tomcat instance with struts 1 and I would like tomcat to detect when pdf files are requested in the URL (For example of a link: http://www.***.com/files/action=download&name=myreport.pdf).

At this point I want a java class to be instantiated, then using a pdf API I want to inject a password to a file. The main point here is that I do not want to have the password store in the orig开发者_开发技巧inal pdf file I am serving instead I want the password to be injected at runtime by Tomcat.

Please let me know if you have any ideas, I did a little of research and I came across tomcat filters but I am unsure if this will resolve this problem.

Please note the passwords are store in a database table.

Thanks

From the filter we invoke a Java class to do the actual "injecting of password".

The entry in the web.xml will redirect your call to a particular filter.

<!--web.xml call all calls to .pdf will invoke the particular filter.-->
<filter>
   <filter-name>PDF Filter</filter-name>
   <filter-class>PDFFilter</filter-class>
</filter>
<filter-mapping>
   <filter-name>PDF Filter</filter-name>
   <url-pattern>*.pdf</url-pattern>
</filter-mapping>

//This is the actual filter
public class PDFFilter implements Filter 
{
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException 
    {
        PDFPasswordInjector pdfPassInject = new PDFPasswordInjector();
        //use HttpServletRequestWrapper to get the pdf location/pdf name
        pdfPassInject.injectPassword( "<pdf location>" );

        chain.doFilter(request, response);
    }
}

//Java class to inject the password
public class PDFPasswordInjector
{
    public boolean injectPassword( String sPDFName )
        {
                // retrieve password from DB
                // use API to inject password to PDF
        }
}

Create a servlet
Set url-pattern to *.pdf
Whenever your pdf url is called, the servlet is executed.
Do whatever you want from the servlet before returning the PDF to the user in response.

It should be fairly straight forward to write a Filter to intercept all requests that return a PDF. Filter's doFilter() method has access to the request and response so you can modify it however you like.

Filters are not the way to solve this particular problem. Filters allow you to modify requests and cause them to be redirected or redispatched to different servlets. But they don't allow you to rewrite the response body. From what I understand, this is what you are trying to do.

You will have to do the PDF file modification in a Servlet, as described in @Aardvocate's answer.