0

On my website; users can upload their pictures. I am using tomcat with apache , hibernate, jpa.

I would prefer to keep these images at some location like /var/ImagesUploaded on my ubuntu box. Using Java I can refer these files in directory /var/ImagesUploaded using java.io but how will I show these images on HTML pages to user? On HTML files we need tags like <img src=''> and this src is relative to the webapp. So, is it that I have to keep the user uploaded images inside my webapp ONLY! Or is there a better solution?

gen_Eric
  • 223,194
  • 41
  • 299
  • 337
Deepak Singhal
  • 10,568
  • 11
  • 59
  • 98

3 Answers3

1

Either configure your webserver to server files from /var/imagesUploaded (for example, as /imguploads), or use a script that reads the image and outputs it to the user, with the correct headers.

Konerak
  • 39,272
  • 12
  • 98
  • 118
  • 1
    But bear in mind that serving entire files uploaded by users without thoroughly checking them is generally a very bad idea. – biziclop May 25 '12 at 19:21
  • biziclop:As of now only validations I am doing are on size, extensions, and manually moderating( if file is an adult file etc) the files. Did you mean that we should validate if user has uploaded a file with extension .jpg; it is actually a valid jpeg file and not some js file ? Can you suggest any generic way to handle multiple extensions ? – Deepak Singhal May 25 '12 at 19:30
  • Konerak: Can you explain what do you mean by using scripts ? How will I define tag when sending HTML response ? Also I am using apache in front of tomcat. Can you please help me how to configure it ? – Deepak Singhal May 25 '12 at 19:35
  • @Deepak Yes, that's what I meant: checking that the image file is indeed an image and not, for example HTML. – biziclop May 25 '12 at 19:45
  • @bizclop: Can you suggest me any easy way to check if uploaded file is suppose a valid jpeg, jpg, png file or not ? – Deepak Singhal May 25 '12 at 20:36
1

How about reading the images on your application, and then serve them to your user as a base64 encoded stream? That way, you don't have to expose your image directory to the web, and can effectively prevent it from being crawled by bots.

  1. Read the file as an InputStream inside your application using java.io
  2. Convert it to Base64 using Apache Commons Codec. encodeBase64URLSafeString(IOUtils.toByteArray(yourImageAsInputStream);
  3. In your response HTML, embed the image as <img src="data:image/jpeg;base64,encodedString">

This post on SO might be useful as well.

Community
  • 1
  • 1
Jeshurun
  • 22,940
  • 6
  • 79
  • 92
0

You have several options:

  1. If you are on Tomcat 7, you can use the "alias" feature in your <Context> element (http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Standard_Implementation)

  2. You can attempt to map the DefaultServlet on some special path like "/uploads/*", but be aware that some versions of Tomcat have a DefaultServlet that basically does not work properly when it is not mapped to "/"

  3. You can write your own servlet to serve the bits yourself, though you will end up duplicating a lot of the capabilities of the DefaultServlet and may fall short in the robustness category (e.g. implementing Range queries, etc.)

Note that if you write your own servlet, you have the option of performing user-based checks for authorized access to certain resources. Maybe you don't want your whole uploads directory to be accessible by, say, Google.

Christopher Schultz
  • 20,221
  • 9
  • 60
  • 77