Statement of the Problem
The development of the Internet has brought tremendous changes to our lives, and more and more people are willing to use convenient online services such as online shopping and online booking. One class of these services is the information content download service, covering music, reference information, downloads, etc. Usually, an information content download service has the following requirements:
● A user who can download must have access permission for the information content;
● Each piece of information content must have independent download permission control: a user who can download one item cannot necessarily download another;
● From the user's point of view, the downloaded file name should remain the actual name of the downloaded information.
In fact, with the usual development approach these three points are hard to satisfy together: if permission control is done through a script (such as ASP), the download file name may become the name of the script; if you want to keep the download file name, permission control may not be possible. Starting from the HTTP protocol and the web server, this article shows how to meet the above requirements with the currently popular web development methods (Java, ASP).
Solution
There are many ways to solve this problem; the following are introduced:
First method: direct virtual path method
The direct virtual path method places the file name directly in the download URL, preceded by a virtual path name (it must be guaranteed that this path cannot be reached directly). In this way, the download name displayed by the browser is the original file name, and an unauthorized user cannot obtain the file because the path does not exist.
This method mainly uses the web server's mapping (MAP) function. The idea is:
● The web server receives the user's download URL request, and the virtual path mapping (MAP) invokes the corresponding server program (a program developed separately);
● The server program verifies the user's permissions and refuses service if the user is not authorized;
● The server program obtains the file name from the HTTP server variable PATH_INFO and the actual path name from prior configuration;
● The server program reads the file content as a stream and sends it to the authorized user for download.
Different web servers require different server programs. In IIS this can be implemented with a filter, while a Java server can use a servlet. Below is an example implemented with a servlet (download):
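import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class Download extends HttpServlet
{
    public void doGet(HttpServletRequest request,
                      HttpServletResponse response)
        throws ServletException, IOException
    {
        String dir_info = "c:/temp";
        try
        {
            HttpSession session = request.getSession(false);
            if (session == null)
            // As an example, a simple permission check
            {
                response.getWriter().println("The following error occurred: [1000] No permission");
                return;
            }
            String path_info = request.getPathInfo(); // Different servers may handle this differently
            if (path_info == null || path_info.trim().length() == 0)
            {
                response.getWriter().println("The following error occurred: [2000] No file name");
                return;
            }
            // Resolve the name and refuse anything that lands outside dir_info (e.g. via "..")
            File base = new File(dir_info).getCanonicalFile();
            File full_path = new File(base, path_info).getCanonicalFile();
            if (!full_path.toPath().startsWith(base.toPath()))
            {
                response.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }
            response.setContentType("application/octet-stream"); // "bin" is not a registered MIME type
            // try-with-resources closes the file even if the download is interrupted
            try (FileInputStream in = new FileInputStream(full_path))
            {
                ServletOutputStream out = response.getOutputStream();
                int b;
                while ((b = in.read()) != -1)
                {
                    out.write(b);
                }
            }
        }
        catch (Exception e)
        {
            return;
        }
    }
}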
The file c:/temp/test.zip can then be downloaded via http://localhost/servlet/download/test.zip.
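The servlet above treats any request that has a session as authorized, while the second requirement asks for independent permission on each file. The class below is an added example, not code from the original article; DownloadAuthorizer, its grants map, and the users alice and bob are assumptions made for illustration. It decides per user and per file name whether a PATH_INFO value may be served, and checks that the resolved file stays inside the configured directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

public class DownloadAuthorizer {
    private final Path baseDir;
    // user id -> file names that user may download (hypothetical data model)
    private final Map<String, Set<String>> grants;

    public DownloadAuthorizer(Path baseDir, Map<String, Set<String>> grants) throws IOException {
        this.baseDir = baseDir.toRealPath();
        this.grants = grants;
    }

    /** Returns the file to stream, or empty if the request must be refused. */
    public Optional<Path> resolve(String user, String pathInfo) {
        if (user == null || pathInfo == null || !pathInfo.startsWith("/")) return Optional.empty();
        String name = pathInfo.substring(1);
        // Per-file permission: exact-match lookup, so a name such as "../x" is never granted.
        if (!grants.getOrDefault(user, Set.of()).contains(name)) return Optional.empty();
        // Defence in depth: the resolved file must sit directly inside baseDir.
        Path target = baseDir.resolve(name).normalize();
        if (!baseDir.equals(target.getParent()) || !Files.isRegularFile(target)) return Optional.empty();
        return Optional.of(target);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: two files, each granted to one user.
        Path dir = Files.createTempDirectory("downloads");
        Files.write(dir.resolve("test.zip"), new byte[] {1, 2, 3});
        Files.write(dir.resolve("other.zip"), new byte[] {4, 5, 6});
        DownloadAuthorizer auth = new DownloadAuthorizer(dir,
                Map.of("alice", Set.of("test.zip"), "bob", Set.of("other.zip")));
        String[][] requests = {
            {"alice", "/test.zip"}, {"alice", "/other.zip"},
            {"bob", "/other.zip"}, {"bob", "/../other.zip"}, {null, "/test.zip"}
        };
        for (String[] r : requests) {
            boolean ok = auth.resolve(r[0], r[1]).isPresent();
            System.out.println(r[0] + " " + r[1] + " -> " + (ok ? "download" : "refused"));
        }
    }
}
```

In a servlet, the user id would come from the session and the returned path would be streamed exactly as in doGet above.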
Second method: indirect path method
In the indirect path method the file name is not part of the path of the download URL; the download URL is mainly used to implement permission control, and the file name is provided in a parameter. In this case, the download name displayed by the browser is not the actual file name but the name of the server program that performs permission control, so it must be changed back to the original file name.
This method mainly uses the HTTP response header. The idea is:
1. The server program at the permission-control URL verifies the user's permissions and refuses service if the user is not authorized.
2. The server program gets the file name from the HTTP parameter variables and obtains the actual path name from prior configuration.
3. The server program uses the HTTP response header Content-Disposition (see RFC 2183 for details) to set the download file name, as shown below:
Content-Disposition: attachment; filename=download file name
4. The server program reads the contents of the file as a stream and sends it to the authorized user for download.
The server program here can be CGI, a servlet, JSP, ISAPI, ASP, etc. The following is an example implemented in ASP:
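<%
Response.Buffer = True
Dim strDir, strFullPath, strName
Dim vntStream
strDir = "C:/TEMP/"
If Session("Download") = "" Then
    ' As an example, a simple permission check
    Response.Write("The following error occurred: [1000] No permission")
    Response.End
End If
If Request("FileName") = "" Then
    Response.Write("The following error occurred: [2000] No file name provided")
    Response.End
End If
strName = Request("FileName")
' Refuse names carrying "..", path separators, quotes or line breaks:
' the value is used in both a file path and a response header
If InStr(strName, "..") > 0 Or InStr(strName, "/") > 0 Or InStr(strName, "\") > 0 _
   Or InStr(strName, """") > 0 Or InStr(strName, vbCr) > 0 Or InStr(strName, vbLf) > 0 Then
    Response.Status = "404 Not Found"
    Response.End
End If
strFullPath = strDir & strName
Response.ContentType = "application/octet-stream" ' "bin" is not a registered MIME type
' Set the download file name
Response.AddHeader "Content-Disposition", "attachment; filename=" & strName
Set oMyObject = Server.CreateObject("MyObject.BinRead")
' A binary-read object that you can develop yourself
vntStream = oMyObject.ReadBinFile(strFullPath)
Response.BinaryWrite(vntStream)
Set oMyObject = Nothing
Response.End
%>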
The file C:/TEMP/test.zip can then be downloaded via http://localhost/download.asp?FileName=test.zip.
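Because the file name in the indirect path method comes from a request parameter and is copied into a response header, the header value should be built from a cleaned name. The class below is an added example, not code from the original article; ContentDispositionHeader and its sample inputs are assumptions. It goes beyond the article's plain filename= form by also emitting the filename* parameter (RFC 6266, encoded per RFC 5987) so that non-ASCII names survive.

```java
import java.nio.charset.StandardCharsets;

public class ContentDispositionHeader {
    // Punctuation allowed unencoded in filename* (attr-char, RFC 5987)
    private static final String ATTR_PUNCT = "!#$&+-.^_`|~";

    /** Builds a Content-Disposition value from a file name supplied in the request. */
    public static String attachment(String requested) {
        // Keep only the last path component, whichever separator was used.
        int cut = Math.max(requested.lastIndexOf('/'), requested.lastIndexOf('\\'));
        // Strip CR, LF and other control characters so the value cannot
        // end the header line and start a new one.
        String name = requested.substring(cut + 1).replaceAll("\\p{Cntrl}", "");
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            name = "download";
        }
        // ASCII fallback for the quoted-string form of filename.
        StringBuilder quoted = new StringBuilder();
        name.codePoints().forEach(cp ->
            quoted.append(cp == '"' || cp > 0x7E ? '_' : (char) cp));
        // UTF-8 percent-encoded form for filename*.
        StringBuilder ext = new StringBuilder();
        for (byte b : name.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xFF;
            boolean plain = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || ATTR_PUNCT.indexOf(c) >= 0;
            if (plain) ext.append((char) c);
            else ext.append(String.format("%%%02X", c));
        }
        return "attachment; filename=\"" + quoted + "\"; filename*=UTF-8''" + ext;
    }

    public static void main(String[] args) {
        String[] samples = {                 // constructed inputs
            "test.zip",
            "..\\..\\report 2024.zip",
            "test.zip\r\nX-Injected: 1",
            "\u8d44\u6599.zip"
        };
        for (String s : samples) {
            System.out.println("Content-Disposition: " + attachment(s));
        }
    }
}
```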