tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pankaj Chhaparwal <pchhapar...@Houston.GeoQuest.SLB.COM>
Subject Re: Problem in access control of resources
Date Mon, 11 Jun 2001 04:55:53 GMT
Hi Hemant,
The user should have both the options to view it or download it. The 
problem with streaming is that it is somewhat slow(since you have to first 
read it and then write it in a stream).The second issue is that for e.g. if 
I read a word document in a stream and then write it in a stream , the 
browser doesnt know that its a word document and just renders it as a txt 
document. In the case of word docs and xls the output on the browser is all 
junk. Please let me know what you think on this.

Thanks a lot for your help Hemant.

Regards,
Pankaj


At 06:43 PM 2/10/2000 +0530, you wrote:
>HI Pankaj:
>How you transfer the word documents to the client? I mean you expect user 
>to download it, or view it in there web browser?
>In both ways what you can do is that instead of redirecting the client to 
>word files, you read those word files in your jsp or servlet and write 
>that file to users stream, And as you jsp or servlet will always have 
>maintained in session(or whatever) that user has logged in or not, so i 
>guess this will solve your problem.
>Regards,
>Hemant
>----- Original Message -----
>From: <mailto:pchhaparwal@Houston.GeoQuest.SLB.COM>Pankaj Chhaparwal
>To: <mailto:tomcat-user@jakarta.apache.org>tomcat-user@jakarta.apache.org
>Sent: Sunday, June 10, 2001 7:58 AM
>Subject: Problem in access control of resources
>
>Hi All,
>
>Servlet spec 2.2 states
>
>
>
>I am using Apache and Tomcat to build my website. The adapter is JServ.I 
>have certain word documents which have to be displayed on the browser on 
>demand  from the end user. I dont want to end users to view these 
>documents unless they have logged into the system. What happens right now 
>is that user can see the url of word document when the jsp redirects him 
>to word document on receiving the request. He can then access the document 
>from the webserver even if he has not logged into the website. Is there 
>anyway I can prevent this from happening? Ideally I would like Apache to 
>serve all the word documents since they are static files. But I am also 
>considering Tomcat to serve this file.
>
>
>
>Also I have another question on access control. Servel 2.2 spec states the 
>following
>
>Access control for resources: The mechanism by which interactions with 
>resources are limited
>to collections of users or programs for the purpose of enforcing 
>availability, integrity, or
>confidentiality.
>How can we limit interaction with resources to collections of programs?
>
>Any help on this would be greatly appreciated.
>
>Thanks & Regards,
>Pankaj


Mime
View raw message