need advice: servlet gets access, users get auto-authorized

on 20.08.2009 17:08:43 by brainspank

I need some advice on what tools to use for implementing a PDF pre-fill
solution. Here's the scenario:

User clicks PDF link, Apache passes request to servlet which verifies that
user can click that link. If auth'd, servlet requests PDF *itself*
(avoiding a servlet loop) and performs pre-filling of fields before sending
to user. If not auth'd, servlet gives "denied" page to user.

Restrictions:
* PDF accessed by only one URL, as determined by a content server
* needs to be transparent to user (i.e. no password, user interaction)
* need to avoid "security through obscurity" for legal/compliance reasons
* servlet exists on different server/instance/farm than content (I might be
able to change this...)

My initial thoughts were to do this through mod_rewrite, but I'm not sure
what I could pass from the servlet as a "key" that the user couldn't fake.
I thought about somehow sharing valid generated keys between Apache/servlet,
but it would probably be disk-based and NFS wouldn't be fast enough (?)

pre-thanks for any ideas.

bs
--
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
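
One way to get a key the user cannot fake without sharing generated keys on disk, given as an added example that is not part of the original post: the servlet and the content tier hold the same secret, and the servlet attaches an expiring HMAC over the PDF path to its own back-end request. The class name, path, secret and the premise that code in front of the content server can run `verify` are all assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;

// Added example: every name here is hypothetical, not taken from the original post.
public class PdfFetchKey {

    // HMAC-SHA256 over "path\nexpiry" with a secret known only to servlet and content tier.
    private static byte[] mac(byte[] secret, String path, long expires) throws GeneralSecurityException {
        Mac hmac = Mac.getInstance("HmacSHA256");
        hmac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return hmac.doFinal((path + "\n" + expires).getBytes(StandardCharsets.UTF_8));
    }

    // Servlet side: call only after the user's authorization check has passed.
    public static String issue(byte[] secret, String path, long expires) throws GeneralSecurityException {
        return expires + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(mac(secret, path, expires));
    }

    // Content side: recompute and compare; no shared disk or key store is consulted.
    public static boolean verify(byte[] secret, String path, String key, long now) {
        try {
            int dot = key.indexOf('.');
            if (dot < 1) return false;
            long expires = Long.parseLong(key.substring(0, dot));
            if (now > expires) return false; // key has expired
            byte[] given = Base64.getUrlDecoder().decode(key.substring(dot + 1));
            return MessageDigest.isEqual(given, mac(secret, path, expires)); // constant-time compare
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return false; // malformed expiry, bad base64, or MAC setup failure
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo secret; a real one would be random and provisioned to both tiers.
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
        long now = System.currentTimeMillis() / 1000;
        String key = issue(secret, "/docs/form.pdf", now + 30);
        System.out.println(verify(secret, "/docs/form.pdf", key, now));       // same path, unexpired
        System.out.println(verify(secret, "/docs/other.pdf", key, now));      // key reused on another path
        System.out.println(verify(secret, "/docs/form.pdf", key, now + 60));  // presented after expiry
        System.out.println(verify(secret, "/docs/form.pdf", key + "A", now)); // tampered key
    }
}
```

Because the servlet fetches the PDF itself, the key travels only between the two servers and never reaches the browser; the short expiry limits reuse if a back-end request is ever logged or captured.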