I'm trying to use Tomcat to check if someone has the correct credentials to access certain files (txt,doc,xml,etc...) and if they do I want to send the request back to apache to serve up the file. Is this possible?
For Example: A user might request file /Files/20952/batch-20060619.xml . I want to make sure that this user is client 20952 (which is stored in session). If they are, then I want apache to serve up the file. I used to do this with mod_perl pretty easily, you just returned a DECLINED status (after validating the session) and apache would handle it. I figure that since Java is much more flexible that I could do something similar.
If Tomcat can serve up the file then that is fine too. I just don't want to muck about creating a ContentType based on the .extension and I don't want to break the "flow" of things for the client; If its a .txt file then I want it to display in the browser, if its a .doc file then I want the user's browser to decide what to do (display it or download it).
-Josh [ June 20, 2006: Message edited by: Josh Johnson ]
Thanks for the response Ben. I can't really do that because the browser needs to be denied access to the file if they don't have a valid session. If I merely send a redirect to their browser then that means that they could have accessed the file without validation. Granted, they would have to guess the correct URL, but I can't have that.