Santiago Gala <sgala <at> apache.org> writes: > > One possibility would be to forward to a separate servlet container, > where the download would take place, but it is a kludge, and I'm not > sure that all requirements of A&A, session, etc. can be met easily. > > Regards > Santiago >
Right, I thought of simply using a link to a servlet. I will probably include it in the same .war as my portlets. However, that leaves an access control problem. When I access my portlet through the portal, my user principal is available but when I by-pass the portal and go to straight to a servlet, it is not. Therefore, I cannot verify the user's credentials. The one other possibilty is that I could try using container-level SSO to have the user principal to be shared accross web-apps. I'll post my results. I am actually using jetspeed2 and tomcat, but I thought that this user group would have more ideas on the download problem. Frankly, it is somewhat mind-blowing that they didn't think of file downloads when they came up with JSR-168 since file downloads were the foundation of the web.
