We would prefer the file was a one-off access so they couldn't send the link to their buddies. In most cases the user would be authenticated via either an SSO solution or our own.
Thanks again for the feedback.

On 12/13/05 8:31 AM, "ALEX HYDE" <[EMAIL PROTECTED]> wrote:

> Version 1 is the way I did.
>
> Things I had to bear in mind are:
> - are you actually logging users in or are they authorised on a per
>   individual file basis
> - can the user re-access the file or is it a one off access?
>
> Gluck
>
> David Smith <[EMAIL PROTECTED]> wrote: Either one or two are excellent
> choices with 1 being the best IMHO. It
> could be as simple as some other servlet places a flag in the session
> that essentially says this user is good for downloading this file for
> this session. The servlet filter sees that and offers the file, or
> failing to see the flag, redirects the user to a friendly error page.
>
> -David
>
> Dov Rosenberg wrote:
>
>> Our application has its own security model that controls access to our
>> information based on our own roles and permissions. We store files related
>> to our application on the file system where our application is running.
>> These associated files are served out by a web server. Our goal is to come
>> up with a scheme where we could apply our security model to control access
>> to these files via the web server. For example someone associates a PDF
>> with some meta data. We don't want the user to be able to bookmark the
>> underlying URL and email it to their friends for them to download without
>> having them authenticated by our service.
>>
>> We are looking at a couple of different ideas.
>>
>> 1. Create a servlet filter to sit in front of the resources requests and
>> somehow tie that into our application logic
>> 2. Create a regular proxy type of servlet that can accept requests and
>> validate them using our security model
>> 3. Figure out a way to secure the filesystem using a Proxy server of some
>> type.
>>
>> Any other thoughts or ideas are appreciated.
>> Thanks in advance
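
The session-flag filter suggested in the thread, combined with the one-off access requirement, could look like the sketch below. This is an added example, not code from any poster; the class name, session attribute name, error page path and the /files/* mapping are hypothetical, and the javax.servlet API is assumed.

```java
import java.io.IOException;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.*;
import javax.servlet.http.*;

// Map this filter to the protected files only, e.g. /files/* (hypothetical),
// and keep the error page outside that mapping to avoid a redirect loop.
public class OneOffDownloadFilter implements Filter {
    // Hypothetical session attribute holding the paths this session may fetch.
    static final String GRANTS = "oneoff.download.grants";
    static final String DENIED_PAGE = "/download-denied.html"; // hypothetical

    // Called by the application servlet after its own role/permission check.
    @SuppressWarnings("unchecked")
    public static synchronized void grant(HttpSession session, String path) {
        Set<String> grants = (Set<String>) session.getAttribute(GRANTS);
        if (grants == null) {
            grants = ConcurrentHashMap.newKeySet();
            session.setAttribute(GRANTS, grants);
        }
        grants.add(path);
    }

    // remove() on the concurrent set is atomic: of two parallel requests
    // for the same path, only one gets true, so the grant is spent once.
    static boolean consume(HttpSession session, String path) {
        Object grants = (session == null) ? null : session.getAttribute(GRANTS);
        return grants instanceof Set && ((Set<?>) grants).remove(path);
    }

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Container-decoded path of the requested file, relative to the context.
        String info = req.getPathInfo();
        String path = req.getServletPath() + (info == null ? "" : info);
        // getSession(false): never create a session for an anonymous request.
        if (consume(req.getSession(false), path)) {
            res.setHeader("Cache-Control", "no-store"); // keep copies out of shared caches
            chain.doFilter(req, res);                   // container serves the file
            return;
        }
        // No grant, or already used: a forwarded or bookmarked URL ends here.
        res.sendRedirect(req.getContextPath() + DENIED_PAGE);
    }
}
```

A client that fetches a PDF with several range requests will be refused after the first one under a strictly single-use grant, so a grant that expires after a short time may be the more practical variant.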