Re: Problem in access control of resources

Sun, 10 Jun 2001 19:33:06 -0700

Hi Hemant,
The user should have both the options to view it or download it. The problem with streaming is that it is somewhat slow(since you have to first read it and then write it in a stream).The second issue is that for e.g. if I read a word document in a stream and then write it in a stream , the browser doesnt know that its a word document and just renders it as a txt document. In the case of word docs and xls the output on the browser is all junk. Please let me know what you think on this.

Thanks a lot for your help Hemant.

Regards,
Pankaj


At 06:43 PM 2/10/2000 +0530, you wrote:
HI Pankaj:
How you transfer the word documents to the client? I mean you expect user to download it, or view it in there web browser?
In both ways what you can do is that instead of redirecting the client to word files, you read those word files in your jsp or servlet and write that file to users stream, And as you jsp or servlet will always have maintained in session(or whatever) that user has logged in or not, so i guess this will solve your problem.
Regards,
Hemant
----- Original Message -----
From: Pankaj Chhaparwal
To: [EMAIL PROTECTED]
Sent: Sunday, June 10, 2001 7:58 AM
Subject: Problem in access control of resources

Hi All,

Servlet spec 2.2 states



I am using Apache and Tomcat to build my website. The adapter is JServ.I have certain word documents which have to be displayed on the browser on demand  from the end user. I dont want to end users to view these documents unless they have logged into the system. What happens right now is that user can see the url of word document when the jsp redirects him to word document on receiving the request. He can then access the document from the webserver even if he has not logged into the website. Is there anyway I can prevent this from happening? Ideally I would like Apache to serve all the word documents since they are static files. But I am also considering Tomcat to serve this file.



Also I have another question on access control. Servel 2.2 spec states the following

Access control for resources: The mechanism by which interactions with resources are limited
to collections of users or programs for the purpose of enforcing availability, integrity, or
confidentiality.
How can we limit interaction with resources to collections of programs?

Any help on this would be greatly appreciated.

Thanks & Regards,
Pankaj

Reply via email to