Tim Moores wrote:The obvious approach would be to put the files in a directory that is not accessible outside of the application. All links would then have to go through a servlet (or some kind of action bean/class if you're using a web framework) which could perform all necessary authentication checks before serving the content of the files.
Thanks Tim but I don't think so it is appropriate solution to my problem. I try to elaborate the problem so that you can explain your solution if it is applicable.
All the files are kept at a common location on the JBOSS server. The page where links are displayed is displayed to a user only if he have the authorized access. But for example on the click of the link the url is generated like this:
Now if I copy this path and hit it directly on a new browser, the PDF file is opened without asking for any password because it is not calling any of the Servlet (in my case the action as I am using Struts) and hence there is no authentication happening.
What will be the best way to resolve this problem? Can I have any configuration in my JBOSS server to ask for password when user tries to access this path? Or how can I call my interceptor to verify the login and give error as the user is directly trying to access the file in an illegal way.