I have a web application that is using Seam and it includes a web start application. I need users to have to sign in before they can start/download the web start.
My problem is that I cant find a solution to secure access to the jnlp and related jars behind the login to the Seam app. So for example, if someone was to learn the URL of the jnlp/jar(s), they could simply type it in the address bar and download them without logging in. Is there a way to secure access to such resources using a Seam authentication method? If so, could you give me a pointer to a page of documentation or example that I must have missed.
I also had this problem trying to secure .swf resources obtained after logging into a Seam app.
Solved it by adding this line to components.xml :
<web:authentication-filter url-pattern="/secure/*" auth-type="basic"/>
Resources in the /secure directory are available after Seam authentication.
Not sure if that is the best way to go, but it is the only appraoch I have been able to find.