tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leo Donahue - PLANDEVX <>
Subject RE: Dynamic Security Constraints?
Date Fri, 09 Mar 2012 22:10:38 GMT
>-----Original Message-----
>From: André Warnier []
>Subject: Re: Dynamic Security Constraints?
>Leo Donahue - PLANDEVX wrote:
>> I'm not sure this is the right subject line, but if I wanted to use
>Tomcat to publish large files (several GB) for different customers to
>download, and each customer wanted their own secure URL (form based
>login over HTTPS) from which to download their data, how would I add a
>new security constraint url-pattern for authentication for new customers
>without restarting the server?  Is that even the correct approach?
>> Or would it just be easier to deploy a new pre-configured webapp for
>each customer?
>Your own choice of phrasing above is a bit ambiguous, but indeed your
>last solution seems to be the easiest to implement.
>Among other reasons, since you do not know who they are before they
>login, it would be difficult to present each one of them with their own
>specific login page.
>(That's the ambiguous part, so I'm not sure that I understand your
>requirement correctly).

Occasionally I get requests for GIS data in the tens of gigabytes.  Our ftp won't let us upload
that amount of data, so I thought why not zip it and place it on Tomcat for them to download.
 This data was sensitive in nature and they wanted a secure login to whatever URL I provided
for them to download that data.

Example:  when they access this URL, they are presented
with a form based login over HTTPS, and once authenticated, Tomcat serves up a directory with
their zip file.  Essentially, I would already have a preconfigured SQL database with users/roles
and just whip up a webapp and send the customer a url/username/password with which to login.
 I was thinking I would just have webapp template that I modify when I get a request like
that, deploy and then undeploy it after they get their data.  Is there a better way?  

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message