>-----Original Message----- >From: André Warnier [mailto:a...@ice-sa.com] >Subject: Re: Dynamic Security Constraints? > >Leo Donahue - PLANDEVX wrote: >> I'm not sure this is the right subject line, but if I wanted to use >Tomcat to publish large files (several GB) for different customers to >download, and each customer wanted their own secure URL (form based >login over HTTPS) from which to download their data, how would I add a >new security constraint url-pattern for authentication for new customers >without restarting the server? Is that even the correct approach? >> >> Or would it just be easier to deploy a new pre-configured webapp for >each customer? >> >Your own choice of phrasing above is a bit ambiguous, but indeed your >last solution seems to be the easiest to implement. > >Among other reasons, since you do not know who they are before they >login, it would be difficult to present each one of them with their own >specific login page. >(That's the ambiguous part, so I'm not sure that I understand your >requirement correctly).
Occasionally I get requests for GIS data in the tens of gigabytes. Our ftp won't let us upload that amount of data, so I thought why not zip it and place it on Tomcat for them to download. This data was sensitive in nature and they wanted a secure login to whatever URL I provided for them to download that data. Example: http://planning.maricopa.gov/customerx when they access this URL, they are presented with a form based login over HTTPS, and once authenticated, Tomcat serves up a directory with their zip file. Essentially, I would already have a preconfigured SQL database with users/roles and just whip up a webapp and send the customer a url/username/password with which to login. I was thinking I would just have webapp template that I modify when I get a request like that, deploy and then undeploy it after they get their data. Is there a better way? --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
