You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Pankaj Chhaparwal <pc...@Houston.GeoQuest.SLB.COM> on 2001/06/10 04:28:52 UTC
Problem in access control of resources
Hi All,
Servlet spec 2.2 states
I am using Apache and Tomcat to build my website. The adapter is JServ.I
have certain word documents which have to be displayed on the browser on
demand from the end user. I dont want to end users to view these documents
unless they have logged into the system. What happens right now is that
user can see the url of word document when the jsp redirects him to word
document on receiving the request. He can then access the document from the
webserver even if he has not logged into the website. Is there anyway I can
prevent this from happening? Ideally I would like Apache to serve all the
word documents since they are static files. But I am also considering
Tomcat to serve this file.
Also I have another question on access control. Servel 2.2 spec states the
following
Access control for resources: The mechanism by which interactions with
resources are limited
to collections of users or programs for the purpose of enforcing
availability, integrity, or
confidentiality.
How can we limit interaction with resources to collections of programs?
Any help on this would be greatly appreciated.
Thanks & Regards,
Pankaj
Re: Problem in access control of resources
Posted by Hemant Singh <Si...@Yahoo.com>.
HI Again Pankaj:
When it comes to rendering of browser, i will say it all depends on headers that you send it from servlet, if send the right header applicable for word ( i guess "application/doc", if not let me know i will checkout and find the correct one for u), than there is just no reason that why browser will not render it as a doc file,
But here you are not only making ur website platform dependent but also browser dependent as in case of IE it is offcourse capable of opening the word file as inprocess because of IE have a plugin for it, But what about Netscape, he will offcourse bring the dialog box asking the user that whether he wishes to download it or not(Whatever)
Regards
Hemant
----- Original Message -----
From: Pankaj Chhaparwal
To: tomcat-user@jakarta.apache.org
Sent: Monday, June 11, 2001 10:25 AM
Subject: Re: Problem in access control of resources
Hi Hemant,
The user should have both the options to view it or download it. The problem with streaming is that it is somewhat slow(since you have to first read it and then write it in a stream).The second issue is that for e.g. if I read a word document in a stream and then write it in a stream , the browser doesnt know that its a word document and just renders it as a txt document. In the case of word docs and xls the output on the browser is all junk. Please let me know what you think on this.
Thanks a lot for your help Hemant.
Regards,
Pankaj
At 06:43 PM 2/10/2000 +0530, you wrote:
HI Pankaj:
How you transfer the word documents to the client? I mean you expect user to download it, or view it in there web browser?
In both ways what you can do is that instead of redirecting the client to word files, you read those word files in your jsp or servlet and write that file to users stream, And as you jsp or servlet will always have maintained in session(or whatever) that user has logged in or not, so i guess this will solve your problem.
Regards,
Hemant
----- Original Message -----
From: Pankaj Chhaparwal
To: tomcat-user@jakarta.apache.org
Sent: Sunday, June 10, 2001 7:58 AM
Subject: Problem in access control of resources
Hi All,
Servlet spec 2.2 states
I am using Apache and Tomcat to build my website. The adapter is JServ.I have certain word documents which have to be displayed on the browser on demand from the end user. I dont want to end users to view these documents unless they have logged into the system. What happens right now is that user can see the url of word document when the jsp redirects him to word document on receiving the request. He can then access the document from the webserver even if he has not logged into the website. Is there anyway I can prevent this from happening? Ideally I would like Apache to serve all the word documents since they are static files. But I am also considering Tomcat to serve this file.
Also I have another question on access control. Servel 2.2 spec states the following
Access control for resources: The mechanism by which interactions with resources are limited
to collections of users or programs for the purpose of enforcing availability, integrity, or
confidentiality.
How can we limit interaction with resources to collections of programs?
Any help on this would be greatly appreciated.
Thanks & Regards,
Pankaj
Re: Problem in access control of resources
Posted by Pankaj Chhaparwal <pc...@Houston.GeoQuest.SLB.COM>.
Hi Hemant,
The user should have both the options to view it or download it. The
problem with streaming is that it is somewhat slow(since you have to first
read it and then write it in a stream).The second issue is that for e.g. if
I read a word document in a stream and then write it in a stream , the
browser doesnt know that its a word document and just renders it as a txt
document. In the case of word docs and xls the output on the browser is all
junk. Please let me know what you think on this.
Thanks a lot for your help Hemant.
Regards,
Pankaj
At 06:43 PM 2/10/2000 +0530, you wrote:
>HI Pankaj:
>How you transfer the word documents to the client? I mean you expect user
>to download it, or view it in there web browser?
>In both ways what you can do is that instead of redirecting the client to
>word files, you read those word files in your jsp or servlet and write
>that file to users stream, And as you jsp or servlet will always have
>maintained in session(or whatever) that user has logged in or not, so i
>guess this will solve your problem.
>Regards,
>Hemant
>----- Original Message -----
>From: <ma...@Houston.GeoQuest.SLB.COM>Pankaj Chhaparwal
>To: <ma...@jakarta.apache.org>tomcat-user@jakarta.apache.org
>Sent: Sunday, June 10, 2001 7:58 AM
>Subject: Problem in access control of resources
>
>Hi All,
>
>Servlet spec 2.2 states
>
>
>
>I am using Apache and Tomcat to build my website. The adapter is JServ.I
>have certain word documents which have to be displayed on the browser on
>demand from the end user. I dont want to end users to view these
>documents unless they have logged into the system. What happens right now
>is that user can see the url of word document when the jsp redirects him
>to word document on receiving the request. He can then access the document
>from the webserver even if he has not logged into the website. Is there
>anyway I can prevent this from happening? Ideally I would like Apache to
>serve all the word documents since they are static files. But I am also
>considering Tomcat to serve this file.
>
>
>
>Also I have another question on access control. Servel 2.2 spec states the
>following
>
>Access control for resources: The mechanism by which interactions with
>resources are limited
>to collections of users or programs for the purpose of enforcing
>availability, integrity, or
>confidentiality.
>How can we limit interaction with resources to collections of programs?
>
>Any help on this would be greatly appreciated.
>
>Thanks & Regards,
>Pankaj
Re: Problem in access control of resources
Posted by Hemant Singh <he...@yahoo.com>.
HI Pankaj:
How you transfer the word documents to the client? I mean you expect user to download it, or view it in there web browser?
In both ways what you can do is that instead of redirecting the client to word files, you read those word files in your jsp or servlet and write that file to users stream, And as you jsp or servlet will always have maintained in session(or whatever) that user has logged in or not, so i guess this will solve your problem.
Regards,
Hemant
----- Original Message -----
From: Pankaj Chhaparwal
To: tomcat-user@jakarta.apache.org
Sent: Sunday, June 10, 2001 7:58 AM
Subject: Problem in access control of resources
Hi All,
Servlet spec 2.2 states
I am using Apache and Tomcat to build my website. The adapter is JServ.I have certain word documents which have to be displayed on the browser on demand from the end user. I dont want to end users to view these documents unless they have logged into the system. What happens right now is that user can see the url of word document when the jsp redirects him to word document on receiving the request. He can then access the document from the webserver even if he has not logged into the website. Is there anyway I can prevent this from happening? Ideally I would like Apache to serve all the word documents since they are static files. But I am also considering Tomcat to serve this file.
Also I have another question on access control. Servel 2.2 spec states the following
Access control for resources: The mechanism by which interactions with resources are limited
to collections of users or programs for the purpose of enforcing availability, integrity, or
confidentiality.
How can we limit interaction with resources to collections of programs?
Any help on this would be greatly appreciated.
Thanks & Regards,
Pankaj
Apache+Tomcat connection problem
Posted by istvan bereti <is...@kolumbus.fi>.
Hi,
I try to configure Tomcat and Apache communication and I seems to have
problems. If you have this kind of experience please help me!
I used Jserv and now I installed tomcat from rpm package and apache.
Tomcat works fine standalone on the port 8080. 3.2.2. SUN jdk1.3.1
Apache 1.3.14. on Linux Mandrake 7.2. Also works fine.
If I telnet to the ports 8007. 8009 tomcat throws an exception, so this is
ok.
But when I try to connect the same servlet with apache it just says in the
apache error log that the file is not existing.
#
# Root context mounts for Tomcat
#
JkMount /*.jsp ajp13
JkMount /servlet/* ajp13
This should mean that if it's servlet in the first in the URI it should call
the ajp13.
For httpd -l I got
Compiled-in modules:
http_core.c
mod_so.c
suexec: enabled; valid wrapper /usr/sbin/suexec
The strange thing is that it seems to be that apache never calls the ajp13
connector.
If you had similar problem please let me know.
I also tried the jserv module but the same result. So what do I miss from
the config? It can't be so complicated that it takes 3 days to configure
it...
How or where can I see what does apache?
here is the jk_conf which is included in the httpd.conf:
###################################################################
# Auto generated configuration. Dated: Mon Jul 24 18:56:51 CEST 2000
###################################################################
JkWorkersFile /etc/httpd/conf/workers.properties
JkLogFile /var/log/httpd/mod_jk.log
#
# Log level to be used by mod_jk
#
JkLogLevel error
JkMount /*.jsp ajp13
JkMount /servlet/* ajp13