tomcat-users mailing list archives

From Pid <...@pidster.com>
Subject Re: Limiting access to resources, based on username, not on the user role
Date Fri, 23 Sep 2011 09:59:32 GMT
On 22/09/2011 23:23, Omar Belkhodja wrote:
> Thanks Pid. What do you mean by "a mapping" ? Is it some kind of servlet
> that would read the file, and create the HTTP answer after having checked
> the login ?

An arbitrary URL structure:

 /images/{user}/{imageid}

If /images/* was secured, then any user would be authenticated before
your Servlet or Servlet Filter was executed.

In your code, you would examine the Principal & see if it had permission
to proceed.  Then return the resource or an error, accordingly.

Your code could request.forward() to another Servlet which actually
returned the image, or could read the image from where it was stored &
serve it directly into the outputstream.

Up to you, where & how you store the image.


p
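
The check described in the message above, as an added example that is not part of the original post: a Servlet Filter on `/images/*` that compares the `{user}` path segment with the authenticated Principal. The class name, the allowed-character pattern and the `javax.servlet` namespace (Tomcat 10 and later use `jakarta.servlet`) are assumptions.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: map it to /images/* in web.xml, next to a
// <security-constraint> on the same pattern so the container authenticates first.
public class OwnerOnlyImageFilter implements Filter {

    // Exactly /images/{user}/{imageid}. The strict character class is an
    // assumption about valid names; it also rejects "..", "%", ";" and extra "/".
    private static final Pattern PATH =
            Pattern.compile("^/images/([A-Za-z0-9_-]+)/([A-Za-z0-9_-]+)$");

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Set by the container after login; null means /images/* is not secured.
        Principal principal = request.getUserPrincipal();
        if (principal == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Raw (undecoded) path relative to the context root, e.g. /images/alice/42.
        String path = request.getRequestURI()
                .substring(request.getContextPath().length());
        Matcher m = PATH.matcher(path);
        if (!m.matches()) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // Authorization by username, not role: {user} must be the caller.
        if (!m.group(1).equals(principal.getName())) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Authorized: the servlet behind /images/* returns the image.
        chain.doFilter(req, res);
    }
}
```

Matching on the undecoded request URI makes the filter fail closed: any encoded or unexpected character produces a 404 before the ownership comparison runs.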

