Hello,

we are creating a JSP web page for several users with login. Now my question is, each user has specific files, which other users shouldn't be allowed to read.

Now one alternative would be to create a directory for each user and only assign the specific user the rights to read that directory using the web.xml file. I think that is a lot of overhead, because if you have 500 users you will have to create 500 dirs and put 500 roles in your web.xml file.

But there is another approach which I think is simpler to implement. Instead of creating one dir for each user, how about storing all files in the same dir? The dir shouldn't be accessible to any of the users, and the files should be accessed through a JSP page. The JSP page would decide which file to show to which user depending on his userid.

The problem is, how can the JSP page access a file that is not accessible to the user? Any ideas here?

Thanks
Roland
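One way to implement the single-directory approach described in the post, as an added example that is not part of the original post. It assumes the `javax.servlet` API, container-managed login (so `getRemoteUser()` returns the user id), a hypothetical storage directory `/var/app-data/userfiles` outside the web application root, a request parameter called `name`, and a constructed `OWNED` map standing in for a real ownership table.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: server-side code reads the file with the container's OS
// permissions, so the directory never needs to be reachable through a URL.
public class UserFileServlet extends HttpServlet {
    // Assumed location outside the webapp root; no URL pattern maps to it.
    private static final Path STORE =
            Paths.get("/var/app-data/userfiles").toAbsolutePath().normalize();

    // Constructed sample data standing in for a database table: user id -> owned files.
    private static final Map<String, Set<String>> OWNED = Map.of(
            "alice", Set.of("report.pdf", "notes.txt"),
            "bob", Set.of("invoice.pdf"));

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String user = req.getRemoteUser();       // null when the caller is not logged in
        String name = req.getParameter("name");  // untrusted input
        if (user == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Authorization: the caller may only name a file recorded as theirs.
        // 404 (not 403) avoids confirming that another user's file exists.
        if (name == null || !OWNED.getOrDefault(user, Set.of()).contains(name)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // Defence in depth: the resolved path must be a direct child of STORE,
        // so a stored name containing ".." or a separator can never escape it.
        Path file = STORE.resolve(name).normalize();
        if (!STORE.equals(file.getParent()) || !Files.isRegularFile(file)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        resp.setContentType("application/octet-stream");
        // name comes from the allow-list above, not directly from the request.
        resp.setHeader("Content-Disposition", "attachment; filename=\"" + name + "\"");
        resp.setContentLengthLong(Files.size(file));
        Files.copy(file, resp.getOutputStream());
    }
}
```

The ownership check is keyed on the authenticated user id from the session, never on a user id supplied in the request, which is what keeps one user from requesting another user's file by name.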
