tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Dynamic Security Constraints?
Date Fri, 09 Mar 2012 21:56:11 GMT
Leo Donahue - PLANDEVX wrote:
> I'm not sure this is the right subject line, but if I wanted to use Tomcat to publish
large files (several GB) for different customers to download, and each customer wanted their
own secure URL (form based login over HTTPS) from which to download their data, how would
I add a new security constraint url-pattern for authentication for new customers without restarting
the server?  Is that even the correct approach?
> Or would it just be easier to deploy a new pre-configured webapp for each customer?
Your own choice of phrasing above is a bit ambiguous, but indeed your last solution seems

to be the easiest to implement.

Among other reasons, since you do not know who they are before they login, it would be 
difficult to present each one of them with their own specific login page.
(That's the ambiguous part, so I'm not sure that I understand your requirement correctly).

You could use per-customer virtual hosts, but that would be more difficult to set up than

just dropping a war-file in ../webapps/, in particular on-the-fly.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message