[Catalyst] recommended/best practice way of serving static files after authentication?

[John SJ Anderson]

  $WORK-mate is working on a Cat app that (among other things) allows
  authenticated users to download from a set of static files. He's
  wondering what the best way is to set things up so that the Cat app
  can handle the authentication/authorization parts of things but then
  hand the static file serving part off to Apache.

  Thanks for any help/hints. 

john.
-- 
If you have `some weird error', the problem is probably with your
frobnitzer.
  Mark Jason Dominus's Good Advice #11938