tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phillip Morelock <subscripti...@phillipmorelock.com>
Subject Re: Authentication with Tomcat + Apache
Date Fri, 31 May 2002 09:03:33 GMT
> What would be the best sollution if I have resources (non-HTML like
> movies etc.) which I want to protect with a custom made authentication?

use Servlets.

serve binary data as the output stream instead of text/html .

You can authenticate and do all your other "ok, is this person authorized,
what is the filename" etc., and then serve the headers and the file.

If you're interested in security, definitely do not have any part of the
filename as a request parameter -- look up the filename in the database.

There are packages that implement the raw binary serving in a rudimentary
way, I'm thinking specifically:
http://www.servlets.com/cos/index.html

see the ServletUtils.returnFile method...this should get you started.

Be sure to read the license before using or looking at this code.

cheers
fillup



On 5/31/02 1:38 AM, "Markus Kirsten" <markus.kirsten@iped.vxu.se> wrote:

> What would be the best sollution if I have resources (non-HTML like
> movies etc.) which I want to protect with a custom made authentication?
> I have a servlet which takes care of my authentication and I want this
> servlet to be able to either grant or permit access to a resource based
> on wheter the particular user has an account (in a back end database).
> 
> Thank you!
> 
> 
> Markus
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
> 


--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message