tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jose María Zaragoza <demablo...@gmail.com>
Subject Re: Limiting access to resources, based on username, not on the user role
Date Thu, 22 Sep 2011 22:40:46 GMT
El 23/09/2011, a las 00:10, Pid <pid@pidster.com> escribió:

> On 22/09/2011 23:03, Omar Belkhodja wrote:
>> Hello,
>>
>> I'm trying to create some kind of web application, that will provide access
>> to sensitive data for users. Each user, should login first, then after that
>> he will be able to display a set of pictures. So the url for pictures,
>> should have a protected access, based on the user name. The problem is that
>> :
>> - the pictures will be added dynamically, into new directories, so I can't
>> add a new rule dynamically to the web server to set a new login policy for
>> the new directory
>> - the access restriction in Tomcat is based on the user's role, not on the
>> username. So if I want to restrict uri access, I will have to create a new
>> role for each new user, and update the server configuration each time.

You can define your own custom realm.



>> Does anyone, know about a solution to this kind of situation ?
>>
>> Thanks !
>
> You're going about this the wrong way.
>
> Don't actually put the images in accessibly web directories, store them
> somewhere else & forward to them via a mapping if the virtual URL passes
> auth.
>
>
> p
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message