Re: Problem in access control of resources

[Hemant Singh]

HI Pankaj: How you transfer the word documents to the client? I mean you expect user to download it, or view it in there web browser? In both ways what you can do is that instead of redirecting the client to word files, you read those word files in your jsp or servlet and write that file to users stream, And as you jsp or servlet will always have maintained in session(or whatever) that user has logged in or not, so i guess this will solve your problem. Regards, Hemant ----- Original Message ----- From: Pankaj Chhaparwal To: [EMAIL PROTECTED] Sent: Sunday, June 10, 2001 7:58 AM Subject: Problem in access control of resources Hi All, Servlet spec 2.2 states I am using Apache and Tomcat to build my website. The adapter is JServ.I have certain word documents which have to be displayed on the browser on demand  from the end user. I dont want to end users to view these documents unless they have logged into the system. What happens right now is that user can see the url of word document when the jsp redirects him to word document on receiving the request. He can then access the document from the webserver even if he has not logged into the website. Is there anyway I can prevent this from happening? Ideally I would like Apache to serve all the word documents since they are static files. But I am also considering Tomcat to serve this file. Also I have another question on access control. Servel 2.2 spec states the following Access control for resources: The mechanism by which interactions with resources are limited to collections of users or programs for the purpose of enforcing availability, integrity, or confidentiality. How can we limit interaction with resources to collections of programs? Any help on this would be greatly appreciated. Thanks & Regards, Pankaj