I need some advice on what tools to use for implementing a PDF pre-fill solution. Here's the scenario: User clicks PDF link, apache passes request to servlet which verifies that user can click that link. If auth'd, servlet requests PDF *itself* (avoiding a servlet loop) and performs pre-filling of fields before sending to user. if not auth'd, servlet gives "denied" page to user. Restrictions: * PDF accessed by only one URL, as determined by a content server * needs to be transparent to user (ie. no password, user interaction) * need to avoid "security through obscurity" for legal/compliance reasons * servlet exists on different server/instance/farm than content(I might be able to change this...) My initial thoughts were to do this through mod_rewrite, but I'm not sure what I could pass from the servlet as a "key" that the user couldn't fake. I thought about somehow sharing valid generated keys between apache/servlet, but it would probably be disk-based and NFS wouldn't be fast enough(?) pre-thanks for any ideas. bs -- View this message in context: http://www.nabble.com/need-advice%3A-servlet-gets-access%2C-users-get-auto-authorized-tp25063957p25063957.html Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|