通过超链接下载文件,会暴露了下载文件在服务器中的真实地址,不利于对资源进行安全保护,而且利用超链接下载文件,服务器端得文件只能存放在Web应用程序所在的目录下。
利用程序编码实现下载,可以增加安全机制,比如我们只能让VIP会员下载等等。还可以从任意位置进行下载,我们可以将文件放到Web应用程序以外的目录中。
把文件目录直接暴露给用户是很不安全的。所以要用Servlet来做,而且这样做,文件的存储方式就更丰富了,可以是从文件系统上取来的,也可以是数据库中经过计算生成的,或者从其它什么稀奇古怪的地方取来的。
public class ShowFileServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String path = "c:/file"; //声明集合存放目录下所有文件的文件名 List<String> fileList = new ArrayList<String>(); File folder = new File(path); //判断文件夹是否存在并且是否是一个目录 if(folder.exists() && folder.isDirectory()){ //获得目录中所有文件及目录 File[] files = folder.listFiles(); for (File file : files) { //如果是文件 if(file.isFile()){ //将文件名放入集合中 fileList.add(file.getName()); } } } request.setAttribute("fileList", fileList); request.getRequestDispatcher("showfile.jsp").forward(request, response); } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request,response); } }
showfile.jsp
<%@ page language="java" pageEncoding="UTF-8"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>显示所有文件</title> </head> <body> 请选择您要下载的文件:<br/> <c:forEach items="${fileList}" var="fileName"> <a href="downLoadServlet?filename=${fileName }">${fileName }</a><br/> </c:forEach> </body> </html>
DownLoadServlet.java
import java.io.BufferedInputStream; import java.io.BufferedOutputStream; import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import javax.servlet.ServletException; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; public class DownLoadServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String path = "C:/file"; String fileName = request.getParameter("filename"); File file = new File(path + "/" + fileName); //如果文件存在 if (file.exists()) { //设置响应类型及响应头 response.setContentType("application/x-msdownload"); response.addHeader("Content-Disposition", "attachment; filename=\"" + fileName + "\""); //读取文件 InputStream inputStream = new FileInputStream(file); BufferedInputStream bis = new BufferedInputStream(inputStream); byte[] bytes = new byte[1024]; ServletOutputStream outStream = response.getOutputStream(); BufferedOutputStream bos = new BufferedOutputStream(outStream); int readLength = 0; while ((readLength = bis.read(bytes)) != -1) { bos.write(bytes, 0, readLength); } //释放资源 inputStream.close(); bis.close(); bos.flush(); outStream.close(); bos.close(); } } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doGet(request, response); } }