-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ravi,
On 5/1/2009 7:36 PM, Ravi Sharma wrote:
> I wanted to server these pages only to registered user of my site so i put
> one filter in web.xml of my application
> <filter>
> <filter-name>DownLoadSecurityFilter</filter-name>
> <filter-class>com.app.security.SecurityFilter</filter-class>
> </filter>
> <filter-mapping>
> <filter-name>DownLoadSecurityFilter</filter-name>
> <url-pattern>/audio/download/*</url-pattern>
> </filter-mapping>
Looks good so far. I still think you might just want to use the built-in
authentication and authorization capabilities provided by the container.
Have you looked into using <security-constraint>?
> Now if user is logged in then i don't do any redirection to login page in
> Filter class. Class code as follows
[snip]
> try
> {
> checkSecurity(request);
> }
> catch(UserNotLoggedIn ex)
> {
> httpResponse.sendRedirect(httpRequest.getContextPath() +
> LOGINURL +"?URL=" + targetUrl);
Technically, this should be:
httpResponse.sendRedirect(httpRequest.getContextPath()
+ response.encodeRedirecURL(LOGINURL)
+ "?URL="
+ java.net.URLEncoder.encode(targetURL, "UTF-8")
);
> Problem : Now when user is logged in then user should be able to see this
> page content of
> http://www.mysite.com/app/audio/download/abc.html
>
> but on this page in browser user getting following tomcat error
>
> *Type* Status report
> *message* */app/audio/download/abc.html
> **description* *The requested resource (/app/audio/download/abc.html) is not
> available.**
Did you say that Tomcat generates pages like
/app/audio/download/foo.html for you after the webapp is deployed? I
have seen a lot of people complain that files created after webapp
deployment are not seen by the DefaultServlet, which serves static
content for you.
If you need to serve files that have been created after deployment, you
might want to write your own servlet to serve them. Better yet, serve
them out of another directory because when you undeploy a webapp, Tomcat
might delete the webapp directory and also all your generated files.
You might be able to use the DefaultServlet by changing some settings on
it like whether to cache information about the directories is has
scanned before.
I believe your filter is functioning correctly. Tomcat, in this case, is
what is the problem for you.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkn/RDEACgkQ9CaO5/Lv0PAsCACeO3fLNjoHYEdUWmA65pGGZxrG
ZN8AoKqqDDv5FuRwP07h5G8s5oBZFEG+
=QTtT
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
