We would prefer the file was a one off access so they couldn't send the link
to their buddies. In most cases the user would be authenticated via either a
SSO solution or our own.

Thanks again for the feedback.




On 12/13/05 8:31 AM, "ALEX HYDE" <[EMAIL PROTECTED]> wrote:

> Version 1 is the way I did.
>   
>   Things I had to bear in mind are:
>   - are you actually logging users in or are they authorised on a per
> individual file basis
>   - can the user re-access the file or is it a one off access?
>   
>   Gluck
>   
> David Smith <[EMAIL PROTECTED]> wrote:
>
> Either one or two are excellent choices with 1 being the best IMHO.  It
> could be as simple as some other servlet places a flag in the session
> that essentially says this user is good for downloading this file for
> this session.  The servlet filter sees that and offers the file, or
> failing to see the flag, redirects the user to a friendly error page.
> 
> -David
> 
> Dov Rosenberg wrote:
> 
>> Our application has its own security model that controls access to our
>> information based on our own roles and permissions. We store files related
>> to our application on the file system where our application is running.
>> These associated files are served out by a web server. Our goal is to come
>> up with a scheme where we could apply our security model to control access
>> to these files via the web server. For example - someone associates a PDF
>> with some meta data. We don't want the user to be able to bookmark the
>> underlying URL and email it to their friends for them to download without
>> underlying URL and email it to their friends for them to download without
>> having them authenticated by our service.
>> 
>> We are looking at a couple of different ideas.
>> 
>> 1. Create a servlet filter to sit in front of the resources requests and
>> somehow tie that into our application logic
>> 2. Create a regular proxy type of servlet that can accept requests and
>> validate them using our security model
>> 3. Figure out a way to secure the filesystem using a Proxy server of some
>> type.
>> 
>> Any other thoughts or ideas are appreciated. Thanks in advance
>> 
>> 
>> 
>>  
>> 
> 
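
A sketch of the session-flag filter discussed in this thread, extended so each grant is consumed on first use (the one-off access case). This is an added example, not code posted by anyone in the thread; the class name, the session attribute name and the `grant` helper are assumptions, and the application is expected to call `grant` only after its own role and permission check has passed.

```java
import java.io.IOException;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter: serves a protected file only once per grant. */
public class OneTimeDownloadFilter implements Filter {
    // Session attribute name is an assumption made for this example.
    static final String GRANTS = "oneTimeDownloadGrants";

    /** Called by application code after its own role/permission check passes. */
    public static void grant(HttpSession session, String path) {
        synchronized (session) {
            @SuppressWarnings("unchecked")
            Set<String> grants = (Set<String>) session.getAttribute(GRANTS);
            if (grants == null) {
                grants = ConcurrentHashMap.newKeySet();
                session.setAttribute(GRANTS, grants);
            }
            grants.add(path);
        }
    }

    /** Atomically removes the grant; true only for the first request that uses it. */
    static boolean consume(HttpSession session, String path) {
        if (session == null) return false;
        Object grants = session.getAttribute(GRANTS);
        return grants instanceof Set && ((Set<?>) grants).remove(path);
    }

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // Path relative to the webapp; an unexpected encoding simply fails the lookup.
        String path = request.getRequestURI().substring(request.getContextPath().length());
        if (consume(request.getSession(false), path)) {
            // Keep browsers and proxies from replaying a cached copy.
            response.setHeader("Cache-Control", "no-store");
            chain.doFilter(req, res);
        } else {
            // Fail closed; an <error-page> mapping can render the friendly page.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }
}
```

Because the grant lives in the server-side session and is removed on first use, a bookmarked or forwarded URL returns 403 for anyone without the session, and for the original user on a second request.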



