access rights for JAR

[Deepa Khetan <de...@gmail.com>]

Can i specify in my Config Files(web.xml or struts-config.xml) that a JAR
file cannot be downloaded without logging into the system??
 Regards,
Deepa

Re: access rights for JAR

[Laurie Harper <la...@holoweb.net>]

If you're using (or are willing to use) container managed security, 
Nick's suggestion will work for that scenario. Add a security constraint 
to your web.xml for the applet JAR. If you can't use container managed 
security, you'll have to get rather more fancy, for example by providing 
a servlet to serve up the applet and storing the JAR somewhere under 
WEB-INF to prevent direct access.

L.

Deepa Khetan wrote:
> Well, The exact problem is, my Applet.jar gets downloaded at the client
> side, on request. But any person who knows the path of this JAR file, on the
> server, can download this JAR. So, i was just thinking, if i can specify
> somewhere that this JAR canot be downloaded unless an Authenticated user
> tries to do it. It needs to be downloaded only after a person logs into the
> system and clicks on the function to Upload Files( For which this JAR gets
> downloaded).
> 
> Deepa
> 
> 
> On 11/22/05, Nick Sophinos <ni...@gmail.com> wrote:
>> I imagine that the same mechanism that protects a web directory would
>> work.
>> One example would be to specify in the web.xml for the container to
>> protect
>> a
>> given directory with authentication. See any book on servlets or JSP about
>> that one.
>>
>> There are more sophisticated ways, but given the general nature of your
>> question, I would start with that general solution.
>>
>> - Nick
>>
>> On 11/22/05, Deepa Khetan <de...@gmail.com> wrote:
>>> Can i specify in my Config Files(web.xml or struts-config.xml) that a
>> JAR
>>> file cannot be downloaded without logging into the system??
>>> Regards,
>>> Deepa
>>>
>>>
>>
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: access rights for JAR

[Deepa Khetan <de...@gmail.com>]

Well, The exact problem is, my Applet.jar gets downloaded at the client
side, on request. But any person who knows the path of this JAR file, on the
server, can download this JAR. So, i was just thinking, if i can specify
somewhere that this JAR canot be downloaded unless an Authenticated user
tries to do it. It needs to be downloaded only after a person logs into the
system and clicks on the function to Upload Files( For which this JAR gets
downloaded).

Deepa


On 11/22/05, Nick Sophinos <ni...@gmail.com> wrote:
>
> I imagine that the same mechanism that protects a web directory would
> work.
> One example would be to specify in the web.xml for the container to
> protect
> a
> given directory with authentication. See any book on servlets or JSP about
> that one.
>
> There are more sophisticated ways, but given the general nature of your
> question, I would start with that general solution.
>
> - Nick
>
> On 11/22/05, Deepa Khetan <de...@gmail.com> wrote:
> >
> > Can i specify in my Config Files(web.xml or struts-config.xml) that a
> JAR
> > file cannot be downloaded without logging into the system??
> > Regards,
> > Deepa
> >
> >
>
>

Re: access rights for JAR

[Nick Sophinos <ni...@gmail.com>]

I imagine that the same mechanism that protects a web directory would work.
One example would be to specify in the web.xml for the container to protect
a
given directory with authentication. See any book on servlets or JSP about
that one.

There are more sophisticated ways, but given the general nature of your
question, I would start with that general solution.

- Nick

On 11/22/05, Deepa Khetan <de...@gmail.com> wrote:
>
> Can i specify in my Config Files(web.xml or struts-config.xml) that a JAR
> file cannot be downloaded without logging into the system??
> Regards,
> Deepa
>
>