Robert Priest wrote:
the URL for the download will contain a session id for the user. So if you will allow me to modify my example:
Say user A logs in and has a session id of "1" and wants to download abc.jar. He will be redirected to the url: http://localhost/myservlet/downloaddir/1/abc.jar
now I would like to put in place a guard servlet. So in myservlet's web.xml
I will add
<servlet-mapping> <servlet-name>com.myproj.web.GUARD</servlet-name> <url-pattern>/downloaddir/*</url-pattern> </servlet-mapping>
The intention is for the "Guard" servlet to:
1. Inspect the url for sessionid ("1" in this case"). 2. Get it and compare it to the current session id (session.getID()). 3. if the two match, then start an http download. 4. If not then, throw up an "Access Denied" error page.
I don't think there is anyway to implement this concept. Because, you can't know the value of session.getID() in advance. Therefore you can't set up the downloaddir as described.
I suppose you could figure out a way to do what you want without using container managed authentication, but I can't think of a good reason to not use it.
-- ******************************************* * Rick Roberts * * Advanced Information Technologies, Inc. * *******************************************
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
