How to control the authorization when upload image

Well, there are two options to achieve this. You first have to realize, how can you safely determine who has created a specific directory? Do you 'chown' on every directory and file? Java does not allow to determine the object owner directly (except upcoming NIO 2 in Java 7 maybe). I wouldn't go this way.

The preferred option would be to provide a userfiles folder for every user. To provide this, you have to implement UserPathBuilder interface and serve paths as desired.

Be aware that this is virtually a superficial restriction/listing. No one hinders other users to access someone other's files directly through browser's address bar.

Mike

gaoge_2000 wrote::)
Thanks, Mike!

It seems that "UserPathBuilder" is more applicable to our application, it 's much better now although

essentially it can't stop user view others' directory.

May be in our business application(e.g. a forum), we already recorded relationship between the uploaded file and the

upload user in the database. So it may be possible to control which folder should be open for the termimal user

when "getFolderAndList" action triggers. This mean, we don't expect to "check own" on each directory in the server.

Any way, your suggestion is very useful for me.


Cheers.

coolgeek wrote:Sorry if this is a noob question, but I'd like to achieve the same goal - each user being directed to their own directory - but I'm not using java... the app I'm using FCKeditor in is developed in PHP. Do I have any options, or do I need to look somewhere else?

Thanks