There exists a tomcat webapp which supplies webservices that are protected using Spring Security. The customer constitutes a call to some specific authenticationService method which we authored to authenticate them and make an authToken that is then accustomed to register all of them with Spring Security as so:
SecurityContextHolder.getContext().setAuthentication( authToken )
That's all fine and good. However, we have the necessity that authenticated customers have the ability to access static content that is offered by Apache (httpd) on a single server. It is possible to method to enforce the necessity the user continues to be authenticated (by Java/Spring) before they are able to download the static content? It appears like Apache and Tomcat would need to in some way share the SecurityContext.
OR - alternatively it appears like Tomcat could serve the static content itself because it already can access the SecurityContext. If that's the very best solution, could anybody give a pointer to the way we would get tomcat to achieve that (serve static content after checking the user continues to be authenticated).