Works for me. Thanks. Justin
-----Original Message-----
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003 2:23 PM
To: Tomcat Users List
Subject: Re: Formerly: Tomcat clustering and servletContext.

Justin,

> Given that I've authenticated someone, using JNDIRealm, can I then
> operate with their permissions on the server? IE, if they
> authenticate to Tomcat in JNDIRealm, do I get access to files that
> carry their NT permissions?

Uhh, I'm not entirely sure, but I'd eat my proverbial hat if a user logged-in to your web application (using J2EE-style j_security_check, right?) and then could access any of their files on the server.

Tomcat should run with a particular user's privs. If you run it as Administrator, then you'll open your whole system up to file theft (is that your concern?). You should run Tomcat as a user with very little access. On UNIX systems, it's common to either use the "nobody" user or create a user under which Tomcat will run.

Tomcat doesn't assume the privs of a user that has successfully logged-in to your application. So, you can't use Tomcat as a file-server unless it actually is running as Administrator or the user whose files you want to read. There may be a way to authenticate directly with NT and then request files through some other mechanism, but you can't just open up a FileInputStream to anything you want :)

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
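
Added example, not part of the original messages: a small UNIX audit of the point made in the reply above, that every file access by Tomcat happens with the rights of the one OS account the JVM runs as. The function name, the `PRIVILEGED_USERS` list and the sample `ps` lines are constructed for illustration; `org.apache.catalina.startup.Bootstrap` is Tomcat's startup class.

```shell
#!/bin/sh
# Audit which OS account each Tomcat JVM runs as.
# Input on stdin: "USER ARGS..." lines, the format of `ps -eo user=,args=`.
# Output: one verdict line per Tomcat JVM.
# Exit status: 0 = all OK, 1 = a JVM runs as a privileged account,
#              2 = no Tomcat JVM seen.

# Accounts considered too powerful for a servlet container (assumption;
# extend this list for your environment).
PRIVILEGED_USERS="root"

audit_tomcat_users() {
    awk -v priv="$PRIVILEGED_USERS" '
        BEGIN {
            n = split(priv, p, " ")
            for (i = 1; i <= n; i++) bad[p[i]] = 1
        }
        # Match only Tomcat JVMs, identified by the startup class.
        /org\.apache\.catalina\.startup\.Bootstrap/ {
            found = 1
            if ($1 in bad) { verdict = "FAIL"; fail = 1 }
            else           { verdict = "OK" }
            printf "%s tomcat runs as %s\n", verdict, $1
        }
        END {
            if (!found) { print "NONE no tomcat process found"; exit 2 }
            exit fail + 0
        }
    '
}

# Constructed sample of `ps -eo user=,args=` output: one Tomcat started as
# root, one under a dedicated account, and an unrelated process.
SAMPLE_PS='root     /usr/bin/java -classpath /opt/tomcat/bin/bootstrap.jar org.apache.catalina.startup.Bootstrap start
tomcat   /usr/bin/java -classpath /srv/tc2/bin/bootstrap.jar org.apache.catalina.startup.Bootstrap start
nobody   /usr/sbin/httpd -k start'

# Demo run over the sample; on a live host use:
#   ps -eo user=,args= | audit_tomcat_users
printf '%s\n' "$SAMPLE_PS" | audit_tomcat_users \
    || echo "review: a Tomcat JVM is running with more access than it needs"
```
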