What best practice do you recommend for files authorization with GWT?

I want to show pdf files in my webpage and I am using GWT.

It is possible to write this simples code:

Frame frame = new Frame();
frame.setUrl("http://127.0.0.1:8888/documents/file.pdf");

However, this way I believe is not possible to manage authorization because ever开发者_Python百科yone having that URL can see the pdf document.

What are your recommendations to deal with this authorization issue using files with GWT?

If your pdf file is served directly from a Java servlet container (e.g. Tomcat, Jetty, ...), you can use a Servlet Filter, which checks

1. If the client is logged in (using a HTTP session) and
2. If the user has the permission to load the file.

You can use http://www.developer.com/security/article.php/3467801/Securing-J2EE-Applications-with-a-Servlet-Filter.htm as a starting point - and adapt it to your requirements (e.g. you don't have to use Spring like the author does).

Instead of filter (from @Chris suggestion) you can put download servlet behind security constraint defined in web.xml.

The easiest way is converting the document to base64 and use iframe tag in the client.

<iframe src="data:application/pdf;base64,d2luZG93LmFsZX..."/>