tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Omar Belkhodja <>
Subject Limiting access to resources, based on username, not on the user role
Date Thu, 22 Sep 2011 22:03:43 GMT

I'm trying to create some kind of web application, that will provide access
to sensitive data for users. Each user, should login first, then after that
he will be able to display a set of pictures. So the url for pictures,
should have a protected access, based on the user name. The problem is that
- the pictures will be added dynamically, into new directories, so I can't
add a new rule dynamically to the web server to set a new login policy for
the new directory
- the access restriction in Tomcat is based on the user's role, not on the
username. So if I want to restrict uri access, I will have to create a new
role for each new user, and update the server configuration each time.

Does anyone, know about a solution to this kind of situation ?

Thanks !

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message