Either one or two are excellent choices with 1 being the best IMHO. It could be as simple as some other servlet places a flag in the session that essentially says this user is good for downloading this file for this session. The servlet filter sees that and offers the file, or failing to see the the flag, redirects the user to a friendly error page.
-David Dov Rosenberg wrote: >Our application has its own security model that controls access to our >information based on our own roles and permissions. We store files related >to our application on the file system where our application is running. >These associated files are served out by a web server. Our goal is to come >up with a scheme where we could apply our security model to control access >to these files via the web server. For example someone associates a PDF >with some meta data. We don¹t want the user to be able to bookmark the >underlying URL and email it to their friends for them to download without >having them authenticated by our service. > >We are looking at a couple of different ideas. > >1. Create a servlet filter to sit in front of the resources requests and >somehow tie that into our application logic >2. Create a regular proxy type of servlet that can accept requests and >validate them using our security model >3. Figure out a way to secure the filesystem using a Proxy server of some >type. > >Any other thoughts or ideas are appreciated. Thanks in advance > > > > > -- ======================================= David Smith Network Operations Supervisor Department of Entomology College of Agriculture & Life Sciences Cornell University 2132 Comstock Hall Ithaca, NY 14853 Phone: 607.255.9571 Fax: 607.255.0939 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
