Thanks Pid. What do you mean by "a mapping" ? Is it some kind of servlet that would read the file, and create the HTTP answer after having checked the login ?
2011/9/22 Pid <p...@pidster.com> > On 22/09/2011 23:03, Omar Belkhodja wrote: > > Hello, > > > > I'm trying to create some kind of web application, that will provide > access > > to sensitive data for users. Each user, should login first, then after > that > > he will be able to display a set of pictures. So the url for pictures, > > should have a protected access, based on the user name. The problem is > that > > : > > - the pictures will be added dynamically, into new directories, so I > can't > > add a new rule dynamically to the web server to set a new login policy > for > > the new directory > > - the access restriction in Tomcat is based on the user's role, not on > the > > username. So if I want to restrict uri access, I will have to create a > new > > role for each new user, and update the server configuration each time. > > > > Does anyone, know about a solution to this kind of situation ? > > > > Thanks ! > > You're going about this the wrong way. > > Don't actually put the images in accessibly web directories, store them > somewhere else & forward to them via a mapping if the virtual URL passes > auth. > > > p > >
