Clarification,
I have already written servlets that use session objects and a db to hold the
userIDs and Pw for authentication. I have a link from within the site that
points to a directory. In this directory is a list of downloadable files. I
want to list the files, but only if the user has authenticated using the login
servlet. To list the file directory, i set the server to allow file viewing.
The problem is that you don't have to authenticate with the servlet to view any
of the directories in the public_html. You can simply type in the address for
the directory, and circumvent the login.
For instance, people with be given access to the site for a specified time
period. At the end of the time period, when their maintenance agreement expires,
they will be denied access. However, if they know the path of the directory that
contains all of the software updates and upgrades, they can continue receiving
free upgrades, even though their maintenance agreement has expired. One solution
is: I could just provide a page with links to each update/upgrade, but that is
less elegant then printing the directory, because every time I add a file to the
directory, the page will have to be updated.
Thank You,
alan
Danny Rubis wrote:
> Hey!
>
> >... make the directory a protected resource
>
> I am assuming you mean with the webserver basic authentication.
> I suggest that a better way of doing authentication is within the
> servlet using session objects and a DB to hold User IDs, Passwords
> and authority levels for authentication.
>
> Many servlet books, this E-list archive and the Web contain example
> code for doing this.
>
> Sans adieu,
> Danny Rubis
>
> Alan Himes wrote:
>
> > Hi,
> >
> > I have an directory of files that i want only certain people to view.
> > These people already have user ids and passwords. I could make the
> > directory a protected resource, but the whole user list would have to
> > be entered into the server to allow access to a protected resource and
> > the user would be reprompted for a user name and password when they went
> > from the main site to the directory. Would it be possible to write a
> > servlet that would authenticate the user, based on his/her current id &
> > password, then have the servlet pass a single user id and password from
> > the servlet to the server? has anyone done this before? or have any
> > other suggestions.
> >
> > thanks
> > alan
> >
> > ___________________________________________________________________________
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> > of the message "signoff SERVLET-INTEREST".
> >
> > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > Resources: http://java.sun.com/products/servlet/external-resources.html
> > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
