You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Clark Slater <to...@slatech.com> on 2005/07/12 01:58:12 UTC

file access via HttpSession

Hello-

I am running 5.0.19

Is there a way to restrict access to files in 
a directory based on a value in an HttpSession?

For example:

Customer c = (Customer) httpSession.getValue("Customer");
if (c.getCountryCode().equals("CAN"))

their browser could display any HTML file in

/webapps/ecat/profiles/canada

but not files in

/webapps/ecat/profiles/usa

Of course, files in either of these directories
would not be viewable by the outside world.

Thanks!
Clark



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: file access via HttpSession

Posted by Tim Funk <fu...@joedog.org>.

No, you would need to do this via a programmtic authorization.

There is no declaritive way to do this.

-Tim

Clark Slater wrote:

> Hello-
> 
> I am running 5.0.19
> 
> Is there a way to restrict access to files in a directory based on a 
> value in an HttpSession?
> 
> For example:
> 
> Customer c = (Customer) httpSession.getValue("Customer");
> if (c.getCountryCode().equals("CAN"))
> 
> their browser could display any HTML file in
> 
> /webapps/ecat/profiles/canada
> 
> but not files in
> 
> /webapps/ecat/profiles/usa
> 
> Of course, files in either of these directories
> would not be viewable by the outside world.
> 
> Thanks!
> Clark
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org