tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Priest <>
Subject Session\Security Checking
Date Mon, 28 Jul 2003 15:34:46 GMT
How can I check for a Valid session id before allowing access to a file?

For example:

- I have a directory containing files for download:
- but before you download a file, say abc.jar (by using
"http://localhost/myservlet/downloaddir/abc.jar"), I want to make sure that
you have a valid session id. If your
session id is invalid, you get an access denied page. if not, a http
download is started.

so I guess what I want is to intercept any request to that "downloaddir"
and perform session\security checking (by another servlet or jsp page)
before allowing access... 

Now, is adding additional servlet\jsp the best way to go about this, or is
there a better way through Tomcat configuration?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message