I need some advise on the architecture.

Requirment :

  1. Customers have to upload and download images.
  2. Secure -- Only customers drenched in should have the ability to upload/download the pictures.
  3. Scalable.
  4. Load the look from the location in addition to the Application server location. this content might be saved on shared drives.

Different Approach, I possibly could think about :

  1. Presently there exists a prototype developed based of servlet. It really works pretty much. (I'm not sure if this sounds like scalable approach though). My servlet will get the request which sets the mime type and returns the look content.

  2. Configure Apache(before Tomcat) to render images but I don't know how you can enable security to ensure that just the user who submitted the look can download.

Are you able to please advise a better approach ?

thanks

I'd choose the servlet approach. When the servlet code is well crafted, I do not forsee scalability problems. This really is more an issue from the servletcontainer itself (and also the hardware used). Assigning this to apache is possible, but keeping the authentication synchronized can become a discomfort. I have not tried it before, but theoretically, your best choice will be a shared database and employ [cde] in Apache HTTPD and [cde] in Apache Tomcat.