apache tomcat file download only after session authentication jsp

Hi i am using apache tomcat. i ha开发者_StackOverflowve a jsp file for entering user name and password and a java bean for authentication. after user have been authenticated i create a session variable with the user name and another by the name of "authenticated" with the value true. i want to allow file download only after the session variable "authentication" == true; i also want to do some processing before the download (registering the user name who downloaded..)

the problem: lets say i have the file "download.bin" inside directory "/downloads" so anyone who go directly to url "downloads/download.bin" will get the file.

1.can i prevent direct download of the file 2. enable the file download only after session authentication.

thanks.

You can prevent the file from being directly downloaded. One common way to do that would be to put your /downloads folder inside of the WEB-INF. Create a servlet which checks your authentication flag and then sends the file to the user. A users request may look something like the following:

http://localhost/myApp/downloadServlet?filename=download.bin

Since content inside the WEB-INF is not available publicly, you can hide your files there.