I need to restrict access to a website's images, to people that have
logged on, have authorization etc. I've searched though the Tomcat
user's mailing list archives and didn't find a discussion that addressed
this, so I thought I'd asked for some architectural guidance.
My initial thought is to have the src parameter in an html <img
src="url" /> point to a servlet instead of a static image in the web
app. The servlet would check the session and verify that the requester
is logged-in and then return the appropriate image. Seems straight
forward. Is there a better way? I read some threads about Tomcat
filters but that seems like overkill.
A related question is more fundamental: If I write a servlet such as
the above, is there ever only once instance of it running? In other
words, if I have 10 users hitting the site at once, does Tomcat create
an instance of the servlet for each user so they all operate in
parallel, or does queue-up the requests and send them to a single instance?
By the way, if anyone here is administering this mailing list, I'd like
to offer a suggestion: In multiple places, the FAQs about using this
list have comments such as "...be sure to check the archives before
asking a question..." but don't have any links (or instructions) on HOW
to do that! I had to resort to Google to find the archive, and then it
took more time to find the *searchable* archive, which is entirely
different. . A simple link to
"http://www.mail-archive.com/users@tomcat.apache.org/maillist.html"; on
those FAQ pages, as well as to the bottom of this list, would be very,
very helpful.
- Carl Dreher
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
