Change the file permissions for the directory and the files so that your web
server can not read/access these files but your servlet engine can. You will
need to have different user-ids for your web server and the servlet engine.
I hope it helps.
Vivek
> -----Original Message-----
> From: Alan Himes [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 04, 2000 8:15 AM
> To: [EMAIL PROTECTED]
> Subject: Re: servlet that passes to server
>
>
> Clarification,
>
> I have already written servlets that use session objects and
> a db to hold the
> userIDs and Pw for authentication. I have a link from within
> the site that
> points to a directory. In this directory is a list of
> downloadable files. I
> want to list the files, but only if the user has
> authenticated using the login
> servlet. To list the file directory, i set the server to
> allow file viewing.
> The problem is that you don't have to authenticate with the
> servlet to view any
> of the directories in the public_html. You can simply type
> in the address for
> the directory, and circumvent the login.
>
> For instance, people with be given access to the site for a
> specified time
> period. At the end of the time period, when their
> maintenance agreement expires,
> they will be denied access. However, if they know the path
> of the directory that
> contains all of the software updates and upgrades, they can
> continue receiving
> free upgrades, even though their maintenance agreement has
> expired. One solution
> is: I could just provide a page with links to each
> update/upgrade, but that is
> less elegant then printing the directory, because every time
> I add a file to the
> directory, the page will have to be updated.
>
> Thank You,
> alan
>
> Danny Rubis wrote:
>
> > Hey!
> >
> > >... make the directory a protected resource
> >
> > I am assuming you mean with the webserver basic authentication.
> > I suggest that a better way of doing authentication is within the
> > servlet using session objects and a DB to hold User IDs, Passwords
> > and authority levels for authentication.
> >
> > Many servlet books, this E-list archive and the Web contain example
> > code for doing this.
> >
> > Sans adieu,
> > Danny Rubis
> >
> > Alan Himes wrote:
> >
> > > Hi,
> > >
> > > I have an directory of files that i want only certain
> people to view.
> > > These people already have user ids and passwords. I
> could make the
> > > directory a protected resource, but the whole user list
> would have to
> > > be entered into the server to allow access to a protected
> resource and
> > > the user would be reprompted for a user name and password
> when they went
> > > from the main site to the directory. Would it be
> possible to write a
> > > servlet that would authenticate the user, based on
> his/her current id &
> > > password, then have the servlet pass a single user id and
> password from
> > > the servlet to the server? has anyone done this before?
> or have any
> > > other suggestions.
> > >
> > > thanks
> > > alan
> > >
> > >
> ______________________________________________________________
> _____________
> > > To unsubscribe, send email to [EMAIL PROTECTED] and
> include in the body
> > > of the message "signoff SERVLET-INTEREST".
> > >
> > > Archives:
> http://archives.java.sun.com/archives/servlet-> interest.html
> >
> > Resources:
> http://java.sun.com/products/servlet/external-resources.html
> > > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
> >
> >
> ______________________________________________________________
> _____________
> > To unsubscribe, send email to [EMAIL PROTECTED] and
> include in the body
> > of the message "signoff SERVLET-INTEREST".
> >
> > Archives:
> http://archives.java.sun.com/archives/servlet-> interest.html
> >
> Resources:
> http://java.sun.com/products/servlet/external-resources.html
> > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
> ______________________________________________________________
> _____________
> To unsubscribe, send email to [EMAIL PROTECTED] and
> include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources:
> http://java.sun.com/products/servlet/external-> resources.html
>
> LISTSERV Help:
> http://www.lsoft.com/manuals/user/user.html
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
