On Nov 3, 2004, at 9:36, Tore Halset wrote:
I have set up a simple service using the WebdavServlet (mapped to /*)
for a single user. I have overrided getResources() to define a
FileDirContext to store the files. The security are defined in web-xml
as a security-constraint. Everything is working very well.
So, someone want this service to work with more than one user :) The
different users should not see each other files. I could ask user a to
use url http://server.com/service/a and user b to use url
http://server.com/service/b, but how can I protect /b from user a and
/a from user b? Is it possible to define a url-pattern like
/${username}/* in a security-constraint in web.xml?
I just put the following code in the service-method:
String username = req.getRemoteUser();
String servletpath = req.getServletPath();
removed some checking on username and servletpath
if (!(servletpath.equals(/ + username) ||
servletpath.startsWith(/ + username + /))) {
log.info(user + username + does not have access to +
servletpath);
res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
- Tore.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
