Hi everybody, I have the following problem: I have a web application that is deployed in a war files. This web application serves a lot of static content files (the users are able to upload the content (html, imgages ...)). Obviously it is not meaningful to pack the user's content in the war file, because the content is user generated and an update of the application should not touch these files. Moreover the delivery of the content is restricted: You can only download the content if you are logged in.
My current approach is as follows: The content is stored in a directory outside the docBase of the application and a servlet is used to check the session, read the files from the file system and deliver it to the client. In this servlet I'm handling with file streams and set the http headers (like "content-type", "Last-modified" ...) manually which is ugly in my eyes. My Questions are: - Is there an elegant way to server files that are not stored in the webapps directory (something like a RequestDispatcher for files in the file system)? - Is there a way to protect a directory from being overridden when deploying the war file? This directory then could be used to store the content and a filter could check the session. Regards, Jan
