tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Mehrle" <mich...@datasaur.com>
Subject Cross-app security question
Date Mon, 07 Jun 2004 20:17:58 GMT
I do have a question regarding security across appfuse and other
webapps. Currently, I have two separate web applications running under
Tomcat (5.0.26):

- tdx (which is a version of appfuse)
- jGallery (which dynamically serves images)

The way jGallery works is that it 'crossmaps' image gallery directories
dynamically - it's actually pretty cool. What that means is that if I create
a folder at ../tdx/mygallery and put images in it, then typing in a URL such
as:
http://localhost:8080/jGallery/tdx/mygallery/index.html will autogenerate an
index page and also create the approprate slide pages. So far so good....

The problem is that that all my security settings don't work anymore this
way since the images are being served by jGallery (and I don't want to
manage two different security settings). Also, it's difficult to make the
gallery part of my tiles configuration. I can probably point outside of my
app (haven't tried that) but it gets a bit ugly. The security settings are
the bigger problem however. I'd like to be able to map it somehow that
everything goes through the tdx project security. So, in order to see the
images and the gallery index at the URL above, users would have to log in
(such as in the default appfuse installation).

I was thinking that I could somehow bring jGallery inside tdx, but that
would mean having to merge the two web.xml files as well as tdx.xml and
jGallery.xml inside of ..conf/Catalina/localhost/. I'd rather not do that
and am hoping for some elegant solution that allows me to keep the gallery
generator and my main tdx webapp separate.

Any suggestions?



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message