tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Roberts <techi...@ait-web.com>
Subject Re: Session\Security Checking
Date Mon, 28 Jul 2003 16:08:36 GMT
Found a link for ya:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html

Rick

Robert Priest wrote:
> How can I check for a Valid session id before allowing access to a file?
> 
> For example:
> 
> - I have a directory containing files for download:
> http://localhost/myservlet/downloaddir/
> - but before you download a file, say abc.jar (by using
> "http://localhost/myservlet/downloaddir/abc.jar"), I want to make sure that
> you have a valid session id. If your
> session id is invalid, you get an access denied page. if not, a http
> download is started.
> 
> so I guess what I want is to intercept any request to that "downloaddir"
> and perform session\security checking (by another servlet or jsp page)
> before allowing access... 
> 
> 
> Now, is adding additional servlet\jsp the best way to go about this, or is
> there a better way through Tomcat configuration?
> 
> 
> Thanks.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 

-- 
*******************************************
* Rick Roberts                            *
* Advanced Information Technologies, Inc. *
*******************************************


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message