stackoom
  简体   繁体   中英

PHP to serve download for a Java application

 原文  2015-12-06 11:26:23       java/ php/ download/ serving

Question

I am wondering how to make a download server more robust. For now, I have a server, on https, storing zip files, named with a random hash, indexed by my database. The directory containing does not permit listing (htaccess) to avoid manual download directly browsing the directory on the server.

The Java app displays the description of the files, and if the user wants to download it, he simply clicks on download. Java app, if that user is allowed to download, sends to credentials to my PHP script on the server, the PHP script checks them, checks again if that very user is allowed to download that file, retrieves the filename.zip from DB indexed by the file ID the user wants to download, and echoes back that file name. The Java app reads that filename and downloads the file using 

Url url = new URL("https://myserver.com/assets/theAssetToDownload.zip")
URLConnection urlConn = url.openConnection();

InputStream is = urlConn.getInputStream();
FileOutputStream fos = new FileOutputStream("test.zip");

byte[] buffer = new byte[4096];
int len;

while ((len = is.read(buffer)) > 0) {
    fos.write(buffer, 0, len);
}

(shortened the code, needs try/catch, is/fos.close() etc etc)

So far so good, it works well... But... If someone enters, in a browser, the direct url, the file will also be downloaded, without clear check on the authorisation...

So I thought, hey, do not let anybody but the PHP script to access the assets directories! Again, that's a simple htaccess.

But how is the download served then?

Would that be a header and output in my PHP script, like:

header("Content-type: application/octet-stream");
header("Content-disposition: attachment;filename=test.zip");
readfile(test.zip);

In that case, how do I read that from Java side? Also with a getInputStream()?

I do understand that question is generic. How can I do it securely?

1 answers

solution1
 1 ACCPTED  2015-12-06 11:30:45

You could store the file somewhere not accessible from the web, but still readable to the web server, and then with htaccess route all requests to your php script. Combine that with what you already have (headers, output with readfile), and authorization, and that should be it.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Java application can not serve two requests simultaneously How to serve a socket from a Java EE application? Download file from java application Running Java application & PHP memcached with a java and php application A Java and PHP application Emulation of Java application on PHP Download data from iPad in java application How to download a file forced to download from a php script in java? Download a zip file from PHP readfile() in Java
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM