You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Ralph Einfeldt <ra...@uptime-isc.de> on 2001/07/03 15:16:39 UTC
Protecting static resources with tomcat and apache
Can somebody answer this question or provide a link ?
If using Tomcat 3.2/4.0 with apache and form based
login, will the resources that are served directly
by apache be protected, and how is it done ?
As far as I understood tomcat stores username and
password in the session and checks on each request
if the requested resource is proteted and the stored
user has the credentials to access it.
(org/apache/tomcat/request/AccessInterceptor.java)
But apache doesn't know anything about the tomcat
session (it may know the session id from the cookie
or the url but has no access to the internal data
of the session) so how can apache protect the static
resources ?