Hello. I am working on a web application that creates directories with resources (mainly Gifs) in it. When creating new directories, i.e. "res1" and "res2", I need new
userroles as well, i.e. res1_viewer and res2_viewer. Now if somebody logs in as a res1_viewer, how can I make sure that he or she only has access to those resources he or she has the proper rights for? And NOT the resources in directory res2. I.e. by typing the direct URL to the GIF in the address bar of the browser. The problem is that the new security constraint for the created directories are in web.xml and this file is only read at application/tomcat startup. I found a post from 3 years ago, written by somebody with more or less the same question at: http://w6.metronet.com/~wjm/tomcat/2000/May/msg00502.html Here the replier advices to do something like a Context Restart. My question is: is this still the best way? If this (old) thread is really outdated, what would be the right way to proceed with this problem? Should I extend/implement JDBCRealm? I am using Tomcat 4.1 on Windows/Linux/Unix with JDK 1.3.1_08 Any help will be greatly appreciated! Regards, Eelco --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
