Important Notice - Forums is archived
To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.
Resource theft protection
Hi experienced Vaadiners,
Is there any way to prevent the user from accessing direct URL, pointing to a Video resource placed inside "WEB-INF"?
Real prevention of resource theft by downloading it, is obviously not possible in the web. So it's only about slight hardening of the task to a thief trying to download a restricted video.
Direct link to a resource can be easily found via e.g. Chrome Developer Tools and that temporary link obviously allows the user to download the file:
http://webapp.com/APP/connector/14/42/0/0.mp4
Is there any way to implement some sort of filter, possibly a servlet, that would block access to that link if the user opens it in his browser, but would still pass it to the connector, so the resource could still work correctly inside the webapp?
What I already tried to do, I added a new empty UI to prevent opening of that direct link by the user (/APP/connector/...):
public class Preventer extends UI {
@WebServlet(value = "/APP/*", asyncSupported = true)
@VaadinServletConfiguration(productionMode = false, ui = Preventer.class)
public static class PreventerServlet extends VaadinServlet {
}
@Override
protected void init(VaadinRequest request) {
}
And it worked, but it also prevented the connector from accessing the link. So no luck here. Does anybody know how to do it? Maybe it's not possible to do at all in Vaadin?
Maybe I could modify Vaadin's ResourceReference.java or AbstractClientConnector.java, something inside getURL() or getResource, or maybe handleConnectorRequest()? How could it be done?
Thanks, I am grateful for any answers!
Best regards,