You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Randy Layman <ra...@aswethink.com> on 2001/07/19 16:25:39 UTC

RE: Tomcat security question

	You would probably be best off implementing it in a servlet.  The
servlet can authenticate  the user, determine the specific file, and then
send the file (not redirect) to the client.  Since you are sending the file
the files can reside anywhere on the system or even on another system.

	Randy

> -----Original Message-----
> From: Hamish Barney [mailto:Hamish.Barney@ect-telecoms.de]
> Sent: Thursday, July 19, 2001 10:56 AM
> To: 'tomcat-user@jakarta.apache.org'
> Subject: Tomcat security question
> 
> 
> Just hoping someone can help me deal with this question...
> 
> In the application I'm developing I need to restrict access 
> to a bunch of
> binary files (sound recordings). Each user should only be 
> able to download
> their own files. Files and users will be added and deleted 
> dynamically. The
> realm based security in Tomcat doesn't seem to support the 
> security model I
> require (creating a new role for every single user and 
> associating that with
> their files isn't really practical). Does anyone have an idea 
> as to how
> acheive the required security within a Tomcat framework.
> 
> Thanks,
> Hamish
>