I developed a Java-backed webscript referenced by a third-party viewer. The webscript takes a filepath as the parameter and what it does is pull the file specified in the parameter, stamps an image watermark on the file, and returns the modified stream back to the viewer. I currently set the authentication to "auth" but the problem is, the viewer (a Java applet) prompts me for the userid and password (HTTP Basic Auth). I tried changing authentication to "none" but I get an error message saying that I was not authenticated. (The behavior actually makes sense).
How do I get around this?
The only option I could think of is Authenticate from within the Java code – the problem with this is the approach opens up a security risk because users can just do a "view source" on the view page and see the parameters I pass to the script.
