tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Omar Belkhodja <omar.belkho...@gmail.com>
Subject Re: Limiting access to resources, based on username, not on the user role
Date Fri, 23 Sep 2011 10:41:18 GMT
Thanks. It's clear now :)

2011/9/23 Pid <pid@pidster.com>

> On 22/09/2011 23:23, Omar Belkhodja wrote:
> > Thanks Pid. What do you mean by "a mapping" ? Is it some kind of servlet
> > that would read the file, and create the HTTP answer after having checked
> > the login ?
>
> An arbitrary URL structure:
>
>  /images/{user}/{imageid}
>
> If /images/* was secured, then any user would be authenticated before
> your Servlet or Servlet Filter was executed.
>
> In your code, you would examine the Principal & see if it had permission
> to proceed.  Then return the resource or an error, accordingly.
>
> Your code could request.forward() to another Servlet which actually
> returned the image, or could read the image from where it was stored &
> serve it directly into the outputstream.
>
> Up to you, where & how you store the image.
>
>
> p
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message