-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Leo,
On 3/9/12 4:44 PM, Leo Donahue - PLANDEVX wrote: > I'm not sure this is the right subject line, but if I wanted to > use Tomcat to publish large files (several GB) for different > customers to download, and each customer wanted their own secure > URL (form based login over HTTPS) from which to download their > data, how would I add a new security constraint url-pattern for > authentication for new customers without restarting the server? Is > that even the correct approach? Sounds like a custom filter would be best. You could map the filter to some root, say "/dynamic-security/*" and then always publish to URLs that would be served by resources in that URL space. You can do whatever you want in your filter. For example, you could have a map of URLs to clients and make sure that the current-user "is" the proper client. You can even write a simple management servlet that allows you to modify that map. (Don't forget to protect that admin servlet :) - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9eI4QACgkQ9CaO5/Lv0PDKqQCfSy1N9i9j21k9AZRqvWmrc0l/ SaMAn2BD8euUBYQj9cbXqCB5iMKmmze+ =nVbi -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
