Hi experienced Vaadiners,
Is there any way to prevent the user from accessing direct URL, pointing to a Video resource placed inside “WEB-INF”?
Real prevention of resource theft by downloading it, is obviously not possible in the web. So it’s only about slight hardening of the task to a thief trying to download a restricted video.
Direct link to a resource can be easily found via e.g. Chrome Developer Tools and that temporary link obviously allows the user to download the file:
http://webapp.com/APP/connector/14/42/0/0.mp4
Is there any way to implement some sort of filter, possibly a servlet, that would block access to that link if the user opens it in his browser, but would still pass it to the connector, so the resource could still work correctly inside the webapp?
What I already tried to do, I added a new empty UI to prevent opening of that direct link by the user (/APP/connector/…):
public class Preventer extends UI {
@WebServlet(value = "/APP/*", asyncSupported = true)
@VaadinServletConfiguration(productionMode = false, ui = Preventer.class)
public static class PreventerServlet extends VaadinServlet {
}
@Override
protected void init(VaadinRequest request) {
}And it worked, but it also prevented the connector from accessing the link. So no luck here. Does anybody know how to do it? Maybe it’s not possible to do at all in Vaadin?
Maybe I could modify Vaadin’s ResourceReference.java or AbstractClientConnector.java, something inside getURL() or getResource, or maybe handleConnectorRequest()? How could it be done?
Thanks, I am grateful for any answers!
Best regards,