2

I have this little big problem:

Tomcat is running on windows server 2008. There is a local directory: D:\archive. This directory holds about 40000 pdf files.

The application is a search utility with the goal to provide any pdf in this directory as a download. Tomcat is bound to active directory (JNDIRealm). The directory is mapped in server.xml using:

<Context docBase="D:\archive" path="/archive"></Context>

The application itself is deployed as /PDFDownload, which is protected with BASIC authentication.

how can I protect /archive using the same ldap bind ? I have already googled a lot and all I can find are examples on application context security or using apache in front of tomcat (if that is an option, how would I bind apache to active directory ?)

chris.b
  • 21
  • 2

2 Answers2

0

Write a simple DownloadServlet which reads the file from D:\archive and offers for download as a PDF file.

Check out this question: Implementing a simple file download servlet

More sample code http://www.coderanch.com/t/366358/Servlets/java/File-download-servlet

Community
  • 1
  • 1
gaborsch
  • 15,408
  • 6
  • 37
  • 48
  • 1
    Therefore we have to rewrite the application and they won't pay for it so that is not an option. I'll try to bind apache to AD and run it in front of tomcat. Didn't think it was possible. Thanks farzad and gaborsch. – chris.b Jan 17 '13 at 11:03
  • You can bind the same Apache Httpd before Tomcat as well. – gaborsch Jan 17 '13 at 11:12
0

We solved it by adding a WEB-INF directory to D:\archive and copied the default web.xml inside it. Then we added the security constraint to that copied web.xml and now the directory is protected. Thanks all who took the time to read and solve this problem.

chris.b
  • 21
  • 2