Our application has its own security model that controls access to our information based on our own roles and permissions. We store files related to our application on the file system where our application is running. These associated files are served out by a web server. Our goal is to come up with a scheme where we could apply our security model to control access to these files via the web server. For example someone associates a PDF with some meta data. We don¹t want the user to be able to bookmark the underlying URL and email it to their friends for them to download without having them authenticated by our service.
We are looking at a couple of different ideas. 1. Create a servlet filter to sit in front of the resources requests and somehow tie that into our application logic 2. Create a regular proxy type of servlet that can accept requests and validate them using our security model 3. Figure out a way to secure the filesystem using a Proxy server of some type. Any other thoughts or ideas are appreciated. Thanks in advance -- Dov Rosenberg Conviveon/Inquira Knowledge Management Experts http://www.conviveon.com http://www.inquira.com
