You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Vlad Teplitsky <vl...@ucla.edu> on 2001/04/18 03:38:18 UTC

Resticting Access

Hi,

I am migrating to Tomcat from JWS 2.0 and trying to restrict access to a
given subtree on the server.  I've tried using JDBCRealm and it works,
however it doesn't satisfy my needs.  I am trying to restrict access for
a user once, make him/her login and then grant access for as long as the
session is still alive.

Here is how I restricted access under JWS 2.0:
1)  A servlet (say RestictServlet) was written and mapped so that it
would intercept all static requests, basically done by mapping
RestictServlet to "/".
2) This servlet would process a request, figure out if restricted file
was being access and would either redirect the user to the login servlet
or would give the user the file by executing the following snippet of
code:
   RequestDispatcher rd = ctx.getRequestDispatcher("file");
   rd.forward(req, res);
Under JWS 2.0, a servlet "file" was responsible for serving static
content to the user.

I've tried to look for the equivalent of "file" servlet in Tomcat.  I've
found org.apache.tomcat.request.StaticInterceptor servlet.  Is this it?
If yes, how to I refer (create a RequestDispatcher) to it?  What is its
name?  Do I have to modify web.xml file for my application to include
StaticInterceptor servlet?

Thank you in advance,
Vlad