Hello, My application can crate report on a fly ( a file) for an authorized clients. The client authentication is conducted by the application and Tomcat is not involved in this process. Other clients may create a file in the same directory, but the application will show the links only to the files that were created by this particular user ( the userID is a part of the file name). How can I ensure that others cannot view this file by just typing the URL in the browser and list all the files under this directory?
I read about the possibility starting Tomcat with the security manager (%CATALINA_HOME%\bin\catalina start –security) But It is not clear how to invoke the security manager for the TOMCAT that is running as a service (C:\jakarta- tomcat-5.0.28\bin\tomcat5.exe //RS//Tomcat5) and what exactly needs to be added to the catalina.policy file to set the needed restrictions. I would appreciate any help for this matter. thanks P.S. I am using Tomcat 5.0.28 ; JDK 1.5.0_12 Tomcat is running as a service under Windows 2003 server
