Hi Dan,
My thoughts (please do correct me if I've got it all wrong):
1. Do you really need to have a 1-1 mapping between J2EE roles and database
accounts? AFAIK, there are 2 reasons to have multiple accounts: one for
different levels of access and the other for auditing who has done what.
When we use J2EE security, both the above requirements are satisfied at the
level of the middleware itself. So, are there any dangers if you leave the task of
access control and auditing solely to the middleware and just go ahead with
one common connection pool for all EJBs? (OK, 2 DB accounts, one for
sys-admin and the other for all.)
2. This question is on a different track. Assuming that multiple DB accounts
must exist, is it possible to do away with the alias between a J2EE role and
the DB account name? Consider this: the appserver uses a set of 'realm
classes' to access the security realm. Generally the realm classes provide
information on user, password and group membership. Could these realm
classes be extended to provide the appropriate connection object based on
the current role? (I am getting a feeling that I have only reworded your original
question, but now that I have written it, I'll let it stay.)
Awaiting your response.
Thanks,
Sriram
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".