tomcat-users mailing list archives

From Omar Belkhodja <omar.belkho...@gmail.com>
Subject Re: Limiting access to resources, based on username, not on the user role
Date Thu, 22 Sep 2011 22:23:38 GMT
Thanks Pid. What do you mean by "a mapping"? Is it some kind of servlet
that would read the file, and create the HTTP answer after having checked
the login?

2011/9/22 Pid <pid@pidster.com>

> On 22/09/2011 23:03, Omar Belkhodja wrote:
> > Hello,
> >
> > I'm trying to create some kind of web application that will provide access
> > to sensitive data for users. Each user should log in first, then after that
> > he will be able to display a set of pictures. So the URL for pictures
> > should have protected access, based on the user name. The problem is that:
> > - the pictures will be added dynamically, into new directories, so I can't
> > add a new rule dynamically to the web server to set a new login policy for
> > the new directory
> > - the access restriction in Tomcat is based on the user's role, not on the
> > username. So if I want to restrict URI access, I will have to create a new
> > role for each new user, and update the server configuration each time.
> >
> > Does anyone know about a solution to this kind of situation?
> >
> > Thanks!
>
> You're going about this the wrong way.
>
> Don't actually put the images in accessible web directories, store them
> somewhere else & forward to them via a mapping if the virtual URL passes
> auth.
>
>
> p
>
>
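
One way to build the kind of mapping discussed in this thread, as an added example that is not part of the original messages or of Tomcat itself: a servlet that serves pictures from a directory outside the webapp and derives the directory from the authenticated user name. The class name, the `/pictures/*` pattern, the `/srv/pictures` root and the one-subdirectory-per-login layout are assumptions, and login is assumed to be handled by the container.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: class name, URL pattern and PICTURE_ROOT are assumptions.
// On Tomcat 10 and later the packages are jakarta.servlet.* instead.
@WebServlet("/pictures/*")
public class UserPictureServlet extends HttpServlet {
    // Storage outside the webapp, so no picture is reachable by a direct URL.
    private static final Path PICTURE_ROOT =
            Paths.get("/srv/pictures").toAbsolutePath().normalize();

    // Maps (user, virtual path) to a file, or null if it leaves the user's directory.
    static Path resolve(String user, String pathInfo) {
        if (user == null || user.isEmpty() || pathInfo == null) {
            return null;
        }
        Path userDir = PICTURE_ROOT.resolve(user).normalize();
        // The login name must name exactly one direct child of the root,
        // which rejects names such as "..", "/etc" or "a/../b".
        if (!PICTURE_ROOT.equals(userDir.getParent())
                || !userDir.getFileName().toString().equals(user)) {
            return null;
        }
        Path file = userDir.resolve(pathInfo.substring(1)).normalize();
        return file.startsWith(userDir) && !file.equals(userDir) ? file : null;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Set by container authentication (a security-constraint on /pictures/*).
        String user = req.getRemoteUser();
        Path file = resolve(user, req.getPathInfo());
        // Same answer for "not yours" and "does not exist".
        if (file == null || !Files.isRegularFile(file)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        String type = getServletContext().getMimeType(file.getFileName().toString());
        resp.setContentType(type != null ? type : "application/octet-stream");
        Files.copy(file, resp.getOutputStream());
    }
}
```

New picture directories need no configuration change, because the only rule is that the path must stay under the directory named after `getRemoteUser()`. `normalize()` does not resolve symbolic links, so if users can create links inside their directory, compare `toRealPath()` results instead.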
