Tomcat Configuration Question

Forum Moderators: phranque

Message Too Old, No Replies

Tomcat Configuration Question

directory security

zuko105

5:49 pm on Nov 21, 2002 (gmt 0)

If anyone could help me out with this one, I would be eternally grateful.

I know there is a way to configure Tomcat so that every request on a specific directory would be forwarded through a servlet or jsp page.

This way I could check for a session variable for a specific request to download an executable, and forward them to a login page if said session does not exist.

Muchos Gracias in advance.

Zuko

jatar_k

9:34 pm on Nov 21, 2002 (gmt 0)

I don't know enough about tomcat to give you a good resource to look at but I tried this search [google.com] among others and it looks like somewhere in there you may have an answer.

There is also
[jakarta.apache.org...]
which may have the answer in the docs somewhere

tedster

11:34 pm on Nov 21, 2002 (gmt 0)

I just checked with a friend who works with Tomcat regularly. He's having some delay getting to the forum, but here's what he wrote to me:

"servlet filters" is the best approach, but this can also be done using a mapping of /* to a servlet that acts as a dispatcher (i.e., sends back the right page info, or does the redirect).

Hope that's at least a clue for you.

jatar_k

11:40 pm on Nov 21, 2002 (gmt 0)

I read similar information in some of the docs in searches I did but wasn't really sure what that meant.

zuko105

11:50 pm on Nov 21, 2002 (gmt 0)

I'm checking out just having the protected files somewhere on the hard drive...say c:\protected\somefile.exe, not even in the tomcat webapps directory.

and then have a servlet that is linked to from a protected page that would serve the file after it checked for the presence of a session that was created previously from a login page.

If anyone has experience in servlet file serving, please let me know if this is possible.

Thanks in advance.

Zuko