There's a custom mechanism that creates security tokens. I'm not really sure how it works as this is a large application and the security framework was developed by another group.
I'm guessing that conceptually, a proper solution to "secure" file links would involve custom URLs that incorporate a security token string that are only valid for the current user in the current session. On Mon, Nov 28, 2016 at 4:30 PM, Rick Grashel <[email protected]> wrote: > Hi William, > > How are your users logging in right now? Through basic authentication or > through a custom mechanism? > > -- Rick > > On Mon, Nov 28, 2016 at 2:23 PM, William Krick <[email protected]> > wrote: > >> I'm working on a Stripes web application that provides links to tutorial >> files. The users have to log into the application. The problem is that >> the links to the tutorial files are accessible to anyone, whether they are >> logged into the application or not. >> >> The links should only be accessible to logged-in users. >> >> Is there some standard way that this is done? >> >> Also, should the files be hosted outside of the web-accessible root >> directory? >> >> I don't want to have to bundle the files inside the deployment war >> because they may need to be updated outside of the normal app deployment >> cycle. >> >> ------------------------------------------------------------ >> ------------------ >> >> _______________________________________________ >> Stripes-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/stripes-users >> >> > > ------------------------------------------------------------ > ------------------ > > _______________________________________________ > Stripes-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/stripes-users > >
------------------------------------------------------------------------------
_______________________________________________ Stripes-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/stripes-users
