Hello,
The problem is as following: suppose you have a large user base, all will
login with JDBC realms, but have the same role. Depending on the user name
the webapp will decide which data to show to the user. Since all users will
have the same role(it is not a good idea to assign a different role to each
of 500+ users), the important files/data/images should be in a directory not
accessible to ANY of them, because if any user has rights to read that
directory he can see all data, including from the other users. The problem
now is, how do I present the users data to himself since he has no access to
it?
One idea would be to use
ServletContext.getResource("myfile")
The good thing about this is, that "myfile" can be any file, even outside of
the Tomcat directory tree. The bad thing is that I don't know how to use it.
getResource returns an URL object, but what do I do with it? How can I make
the servlet display that file to the user?
Any help appreciated...
Roland
