Hello, I'm trying to create some kind of web application, that will provide access to sensitive data for users. Each user, should login first, then after that he will be able to display a set of pictures. So the url for pictures, should have a protected access, based on the user name. The problem is that : - the pictures will be added dynamically, into new directories, so I can't add a new rule dynamically to the web server to set a new login policy for the new directory - the access restriction in Tomcat is based on the user's role, not on the username. So if I want to restrict uri access, I will have to create a new role for each new user, and update the server configuration each time.
Does anyone, know about a solution to this kind of situation ? Thanks !