Re: Securing File System Resources ?
Re: Securing File System Resources ?
- Subject: Re: Securing File System Resources ?
- From: wojingo <email@hidden>
- Date: Tue, 13 Dec 2005 14:15:09 +1030
Dov Rosenberg wrote:
Our application has its own security model that controls access to our
information based on our own roles and permissions. We store files related
to our application on the file system where our application is running.
These associated files are served out by a web server. Our goal is to come
up with a scheme where we could apply our security model to control access
to these files via the web server. For example someone associates a PDF
with some meta data. We don¹t want the user to be able to bookmark the
underlying URL and email it to their friends for them to download without
having them authenticated by our service.
We are looking at a couple of different ideas.
1. Create a servlet filter to sit in front of the resources requests and
somehow tie that into our application logic
2. Create a regular proxy type of servlet that can accept requests and
validate them using our security model
3. Figure out a way to secure the filesystem using a Proxy server of some
type.
Any other thoughts or ideas are appreciated. Thanks in advance
I have seen an implementation something along the lines of:
1) Validated user requests private.pdf
2) Application is responsible for creating a symlink based on the
sessionid that points to the relevant resource.(The application actually
delegates the responsibility of creating a symlink to another app.)
3) url is created within the app for the user to access the pdf via a cgi.
4) A clean up process removes old symlinks.
This seemed to work well.
Alternately maybe writing your own WORequestHandler subclass would be
the way to go.
HTH.
- shaun
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden