Thank you. This was exactly what I was looking for. I thought that by opening a file for a servlet and then returning it like a stream to the client whould take too much resources but it also seemed like the only way I could whink of except for some kind of HTTP Authentication. But I haven't seen any packages out there that can verify a user with HTTP Authentication and then use som kind of RequestDispatcher.
By the way, do you think that it's best to have the protected files on my Apache server with HTTP Authentication with a login/pass what Tomcat is aware of so Tomcat can get the resource and then send it to the user or is it better to have the files inside WEB/INF for example? I have both Apache and Tomcat running on the same machine. Markus On Friday, May 31, 2002, at 11:03 AM, Phillip Morelock wrote: >> What would be the best sollution if I have resources (non-HTML like >> movies etc.) which I want to protect with a custom made authentication? > > use Servlets. > > serve binary data as the output stream instead of text/html . > > You can authenticate and do all your other "ok, is this person > authorized, > what is the filename" etc., and then serve the headers and the file. > > If you're interested in security, definitely do not have any part of the > filename as a request parameter -- look up the filename in the database. > > There are packages that implement the raw binary serving in a > rudimentary > way, I'm thinking specifically: > http://www.servlets.com/cos/index.html > > see the ServletUtils.returnFile method...this should get you started. > > Be sure to read the license before using or looking at this code. > > cheers > fillup -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>