On 22/09/2011 23:03, Omar Belkhodja wrote: > Hello, > > I'm trying to create some kind of web application, that will provide access > to sensitive data for users. Each user, should login first, then after that > he will be able to display a set of pictures. So the url for pictures, > should have a protected access, based on the user name. The problem is that > : > - the pictures will be added dynamically, into new directories, so I can't > add a new rule dynamically to the web server to set a new login policy for > the new directory > - the access restriction in Tomcat is based on the user's role, not on the > username. So if I want to restrict uri access, I will have to create a new > role for each new user, and update the server configuration each time. > > Does anyone, know about a solution to this kind of situation ? > > Thanks !
You're going about this the wrong way. Don't actually put the images in accessibly web directories, store them somewhere else & forward to them via a mapping if the virtual URL passes auth. p
signature.asc
Description: OpenPGP digital signature
