Filippos:

I've done something that I think is similar to what you're looking for with my company's Reports Online product - it stores reports from various sources, and then presents them to authenticated users when requested. The basic trick was to put the actual files (in your case the HTML files) outside the directory that is served by the web server. For example, if my web server's root directory is /usr/web, then you put the HTML in /usr/protected, then have the servlet actually supply the page to the user if they are logged in correctly. Then only public pages go in /usr/web.

Just one idea! For an example of this approach, see the Download servlet in the Expresso framework, an open source project on our site http://www.javacorporate.com. It's in com.javacorporate.common.servlet.Download.

Mike
Javacorporate Ltd

Hello there,

I'm missing something and I'd like you guys to answer me the following question:

I know how to write a login servlet that authenticates users and on successful login, this very servlet redirects to "other servlets". Of course when an "evil" user manually points his browser to the "other servlets", without passing through the login servlet, the "other servlets" redirect the user to the login user. This is understood and I have no problem. My situation is somehow different: I have a customer with a running http server. His site is 100% static pages based. He wants to add a membership feature to his site. My first thought was to create a login servlet, which on successful login would redirect to his html files. On second thought this is completely illegal, since an "evil" user could point his browser directly to the static html files. I think the solution would be easy, if I could force his http server on each file access to pass this request through a servlet (for example a fileaccess?URL=<file URL>). Is this possible? If it's possible and since the customer uses Apache, is Apache's rewrite module capable of doing that? If so, an example would greatly help me.

Best Regards
Filippos Slavik
################################################################
Filippos Slavik Part of the SIAMS's implementation
development team. For more information, please check http://www.siams.net
e-mail : [EMAIL PROTECTED]
################################################################
"The software said 'runs on Win95 or better,' so I installed it on Linux..."
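
The approach from Mike's reply as an added example, not the Expresso Download servlet and not code from either poster: a servlet serves pages from /usr/protected only to a logged-in session and refuses any requested name that resolves outside that directory. The class name, the "user" session attribute and the /login URL are assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet, mapped for example to /members/*.
public class ProtectedPageServlet extends HttpServlet {
    // Directory outside the web root (/usr/web), as in the reply above.
    private static final Path PROTECTED_ROOT = Paths.get("/usr/protected");

    // Resolve a requested name under root; return null if it would escape root.
    static Path resolveInside(Path root, String requested) {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) return null;
        Path base = root.toAbsolutePath().normalize();
        // Strip leading slashes so resolve() is never handed an absolute path.
        Path candidate = base.resolve(requested.replaceFirst("^/+", "")).normalize();
        return candidate.startsWith(base) ? candidate : null;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Assumption: the login servlet stores a "user" attribute in the session.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute("user") == null) {
            resp.sendRedirect(req.getContextPath() + "/login"); // assumed login URL
            return;
        }
        Path file = resolveInside(PROTECTED_ROOT, req.getPathInfo());
        if (file == null || !Files.isRegularFile(file)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // Follow symlinks and re-check, so a link inside the tree cannot point outside it.
        Path real = file.toRealPath();
        if (!real.startsWith(PROTECTED_ROOT.toRealPath())) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        resp.setContentType("text/html"); // the site in question is static HTML
        resp.setHeader("Cache-Control", "private, no-store"); // keep member pages out of shared caches
        Files.copy(real, resp.getOutputStream());
    }
}
```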