tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Roberts <>
Subject Re: Session\Security Checking
Date Mon, 28 Jul 2003 15:58:02 GMT
Any of the "container authentication" methods do this for you.

Look into "BASIC AUTH", "FORM AUTH" and JDBC Realm and you should find all you 
need to know about how that works.

Once you decide which AUTH method is best for your situation, we can help you 
get it working.

Robert Priest wrote:
> How can I check for a Valid session id before allowing access to a file?
> For example:
> - I have a directory containing files for download:
> http://localhost/myservlet/downloaddir/
> - but before you download a file, say abc.jar (by using
> "http://localhost/myservlet/downloaddir/abc.jar"), I want to make sure that
> you have a valid session id. If your
> session id is invalid, you get an access denied page. if not, a http
> download is started.
> so I guess what I want is to intercept any request to that "downloaddir"
> and perform session\security checking (by another servlet or jsp page)
> before allowing access... 
> Now, is adding additional servlet\jsp the best way to go about this, or is
> there a better way through Tomcat configuration?
> Thanks.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

* Rick Roberts                            *
* Advanced Information Technologies, Inc. *

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message