tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: Securing File System Resources ?
Date Tue, 13 Dec 2005 13:31:24 GMT
Version 1 is the way I did. 
  Things I had to bare in mind are:
  - are you actually logging users in or are they authorised on a per individual file basis
  - can the user re-access the file or is it a one off access?
David Smith <> wrote:  Either one or two are excellent choices with
1 being the best IMHO.  It
could be as simple as some other servlet places a flag in the session
that essentially says this user is good for downloading this file for
this session.  The servlet filter sees that and offers the file, or
failing to see the the flag, redirects the user to a friendly error page.


Dov Rosenberg wrote:

>Our application has its own security model that controls access to our
>information based on our own roles and permissions. We store files related
>to our application on the file system where our application is running.
>These associated files are served out by a web server. Our goal is to come
>up with a scheme where we could apply our security  model to control access
>to these files via the web server. For example ­ someone associates a PDF
>with some meta data. We don¹t want the user to be able to bookmark the
>underlying URL and email it to their friends for them to download without
>having them authenticated by our service.
>We are looking at a couple of different ideas.
>1. Create a servlet filter to sit in front of the resources requests and
>somehow tie that into our application logic
>2. Create a regular proxy type of servlet that can accept requests and
>validate them using our security model
>3. Figure out a way to secure the filesystem using a Proxy server of some
>Any other thoughts or ideas are appreciated. Thanks in advance

David Smith
Network Operations Supervisor
Department of Entomology
College of Agriculture & Life Sciences
Cornell University
2132 Comstock Hall
Ithaca, NY  14853
Phone: 607.255.9571
Fax: 607.255.0939

To unsubscribe, e-mail:
For additional commands, e-mail:

To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre.
  • Unnamed multipart/alternative (inline, 8-Bit, 0 bytes)
View raw message