The JSP/servlet could use the java.io.File/FileInputStream classes
to read the file and stream it out to the web browser - this way the files
wouldn't even have to be in the webapps directory.
Randy
> -----Original Message-----
> From: Roland [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 31, 2001 2:22 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Accessing protected files trough JSP how?
>
>
> Hello,
> we are creating a JSP web-page for several users with login.
> Now my question is, each user has specific files, which other users
> shouldn't be allowed to read. Now one alternative would be to create a
> directory for each user and only assign the specific user the
> rights to read
> that directory using the web.xml file. I think that is a lot
> of overhead,
> because if you have 500 users you will have to create 500
> dirs, and put 500
> roles in your web-xml file.
>
> But there is another approach idea which I think is simpler
> to implement.
> Instead of creating one dir for each user, how about storing
> all files on
> the same dir. The dir shouldnt be accessible for any of the
> users, and the
> files should be accessed through a JSP page. The JSP page
> would decide which
> file to show to which user depending on his userid.
> The problem is, how can the JSP page access a file that is
> not accessible to
> the user?
>
> Any ideas here?
>
>
> Thanks Roland
>
