tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hemant Singh" <>
Subject Re: Problem in access control of resources
Date Thu, 10 Feb 2000 13:13:38 GMT
HI Pankaj:
How you transfer the word documents to the client? I mean you expect user to download it,
or view it in there web browser?
In both ways what you can do is that instead of redirecting the client to word files, you
read those word files in your jsp or servlet and write that file to users stream, And as you
jsp or servlet will always have maintained in session(or whatever) that user has logged in
or not, so i guess this will solve your problem.
  ----- Original Message ----- 
  From: Pankaj Chhaparwal 
  Sent: Sunday, June 10, 2001 7:58 AM
  Subject: Problem in access control of resources

  Hi All,

  Servlet spec 2.2 states

  I am using Apache and Tomcat to build my website. The adapter is JServ.I have certain word
documents which have to be displayed on the browser on demand  from the end user. I dont want
to end users to view these documents unless they have logged into the system. What happens
right now is that user can see the url of word document when the jsp redirects him to word
document on receiving the request. He can then access the document from the webserver even
if he has not logged into the website. Is there anyway I can prevent this from happening?
Ideally I would like Apache to serve all the word documents since they are static files. But
I am also considering Tomcat to serve this file.

  Also I have another question on access control. Servel 2.2 spec states the following

  Access control for resources: The mechanism by which interactions with resources are limited
  to collections of users or programs for the purpose of enforcing availability, integrity,
  How can we limit interaction with resources to collections of programs?

  Any help on this would be greatly appreciated.

  Thanks & Regards,

View raw message