Securing User Centric Resources (e.g. their images)

I need to secure user resource files (like their video/images etc) using Spring security so that only th开发者_StackOverflow社区e user who uploaded these can have access to them.

Thinking of scalability would it be better to

1) Write my own "UserResourceServlet" and check the securitycontext for each resource file requested?

2) Write a servlet filter that validates the user when they try to access a specific resource going via the tomcat default servlet (e.g. http://my.domain/images/user......

3) Another method? Ideally i would like for Apache to handle static files as I feel it could be intensive if I have a servlet managing the download of potentially 1000's of resource files that could be >2 Meg each?

I would like to have this to be a scalable option so don't like 1 and don't know if 2 is a feasible open and if so, the correct approach? Any ideas appreciated?

Authentication needs to be managed by Spring security..

Thanks,

Ian.

You can use option 2 with a slight change - after filter decides to grant user an access to the resource, the request can be forwarded to another application (Apache in your case) responsible for serving the actual content (and not accessible by requests coming from outside of your network).