[OT] Re: using a datasource connection pool resource with username and password supplied by user

[Bob Hall]

If the DB login requirement is removed you might
want to take a look at Apache Turbine, it supports
finer-grained access to a web app.

http://jakarta.apache.org/turbine/index.html

- Bob


--- [EMAIL PROTECTED] wrote:

> Thanks for the suggestion Bob,
> 
> I think what you are saying about realms is valid
> and most likely the
> easiest way to enforce security.  It would be my
> choice if it wasn't a
> corporate standards issue.  I will read up on the
> link you sent and see if
> I can get away with it in terms of meeting with
> policy.
> 
> Thank you all for your input.
> 
> Jeffery S. Eaton
> 
> 
> 
>

> Opinions contained in this e-mail do not necessarily
> reflect
> the opinions of the Queensland Department of Main
> Roads,
> Queensland Transport or Maritime Safety Queensland,
> or
> endorsed organisations utilising the same
> infrastructure.
> If you have received this electronic mail message in
> error,
> please immediately notify the sender and delete the
> message
> from your computer.
>

> 
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 




__ 
Yahoo! Music Unlimited 
Access over 1 million songs. Try it free.
http://music.yahoo.com/unlimited/

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: using a datasource connection pool resource with username and password supplied by user

[Bob Hall]

Jefferey,

Are the uses going to be allowed to execute "ad hoc"
queries?  If yes, I can see why you would choose to
take the take the direct DB authentication route.

If not, then a a JDBCRealm could be used and specific
role(s) assigned to each user that would govern what
they could do in the webapp.  The isUserInRole()
method in HttpServletRequest can be used to protect
parts of the application as needed.

Info on JDBCRealms:


- Bob

--- [EMAIL PROTECTED] wrote:

> Good question Bob,
> 
> This system may eventually be implemented for the
> government department I
> work for in Queensland, Australia.  This project is
> a pilot one which will
> involve four separate district offices in four
> different cities.  The
> department has policies on data security which
> includes authenticating
> individual users to a database.  As this is a
> requirement I can't avoid I
> wanted to find a way to implement it even in the
> proof-of-concept stage.
> 
> User authentication can be implemented on the middle
> tier in Tomcat but I
> don't think this will satisfy the dept.
> requirements.  That being the case,
> my plan was to let the database decide if a user can
> get into the site.  If
> they are authenticated to the db then they have
> access to the site.  One
> other advantage of db authentication which will be
> important in this case
> is the separation of database roles.  Users will
> have access to update only
> the tables they are approved to access.
> 
> Jeffery S. Eaton
> 
> 
> 
>

> Opinions contained in this e-mail do not necessarily
> reflect
> the opinions of the Queensland Department of Main
> Roads,
> Queensland Transport or Maritime Safety Queensland,
> or
> endorsed organisations utilising the same
> infrastructure.
> If you have received this electronic mail message in
> error,
> please immediately notify the sender and delete the
> message
> from your computer.
>

> 
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 





__ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: using a datasource connection pool resource with username and password supplied by user

[Bob Hall]

Jefferey,

Coming into this thread late, but I'm curious.
Why do you want each user to obtain a connection
to the database, effectively logging into the DB,
instead of using a connection pool with a single,
application specific, DB userid/password?

- Bob

--- [EMAIL PROTECTED] wrote:

> Thanks Doug and Chuck,
> 
> I suspected as much re. the connection pool.  This
> sort of negates the
> value of it a little (for me anyway).
> 
> My original plan was to go with saving the
> connection to the session once
> it was established but I had read somewhere that
> connections are not
> 'serializable' and therefore the garbage cleanup in
> tomcat may kill the
> connection unexpectedly?!.?
> 
> Has anyone used session tracking to store database
> connections?  If so, has
> anything bad happened?
> 
> Doug to answer your question "How many users are
> there going to be on the
> system at once and can the
> system handle that many open connections?"...
> 
> I anticipate that the production version will have
> from 20 - 30 people
> updating information (in different cities ) and
> possibly 50 or so browsing
> the database for information.  The backend database
> will be ORACLE 9i
> running in MS Server 2003 on an IBM server.  In the
> pooled connection
> implementation I allowed for 150 concurrent users. 
> I think oracle running
> on a pretty beefy application server should be able
> to handle it.  The web
> server box will also be MS server 2003 on an older
> style server so I
> suppose the only scary part will be weaknesses (if
> there are any) in Tomcat
> itself.
> 
> Anyway, I will implement storing the connection in
> the session with the log
> out killing the connection.
> 
> Any comments or gotchas you know about would be
> useful.
> 
> Jeffery S. Eaton
> 
> 
> 
> 
> 
>

> Opinions contained in this e-mail do not necessarily
> reflect
> the opinions of the Queensland Department of Main
> Roads,
> Queensland Transport or Maritime Safety Queensland,
> or
> endorsed organisations utilising the same
> infrastructure.
> If you have received this electronic mail message in
> error,
> please immediately notify the sender and delete the
> message
> from your computer.
>

> 
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 




__ 
Yahoo! Music Unlimited 
Access over 1 million songs. Try it free.
http://music.yahoo.com/unlimited/

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Getting NoClassDefFound error for Rectangle.class (rt.jar)

[Bob Hall]

Instead of rebuilding FOP, I wrote a simple test class
that attempts to instantiate 'Rectangle'.  It runs
successfully on one system and fails on the other
(the one with the NoClassDefFoundError):

$ java -Djava.awt.headless=true TestRectangle

Exception in thread "main"
java.lang.UnsatisfiedLinkError:
/usr/local/j2sdk1.4.2_08/jre/lib/i386/libawt.so:
libXp.so.6: cannot open shared object file: No such
file or directory

Sure enough, /usr/X11R6/lib/libXp.so.6 exists on one
box, but not the other.  Hopefully, it won't be too
much of an ordeal to get the missing piece(s)
installed.

- Bob

--- Bob Hall <[EMAIL PROTECTED]> wrote:

> No joy with "-Djava.awt.headless=true"; looks a
> rebuild of FOP on the target system... though that
> *really* does not make sense.
> 
> - Bob
> 
> --- Bob Hall <[EMAIL PROTECTED]> wrote:
> 
> > Thanks, David.  I'll try that.
> > 
> > If that doesn't do the trick I plan to build
> fop.jar
> > from source on the target machine.
> > 
> > - Bob
> > 
> > --- David Delbecq <[EMAIL PROTECTED]> wrote:
> > 
> > > if it's *java.awt.Rectangle*
> > > and the computer you are trying to run fop on
> does
> > > not have
> > > graphical environment, maybe you should wonsider
> > > using headless java
> > > see
> > >
> >
>
http://java.sun.com/j2se/1.4.2/docs/guide/awt/AWTChanges.html#headless
> > > 
> > > Bob Hall a écrit :
> > > 
> > > >I'm getting a NoClassDefFoundError in a FOP
> > class,
> > > >PageViewport.  At line 89, the code is
> attempting
> > > to
> > > >do
> > > >'new Rectangle()'.
> > > >
> > > >The same code works fine on 3 other systems (2
> > > >Windows,
> > > >and one Linux).  It does not work on a Linux
> box.
> > > >The two linux boxes have the same version of
> Java
> > > >(1.4.2_08-b03) and the same version of Tomcat
> > > 5.0.28).
> > > >The versions of RedHat *are* different.  I even
> > > >compiled
> > > >the code on the target Linux system.
> > > >
> > > >Any ideas?
> > > >
> > > >- Bob
> > > >
> > > >
> > > > 
> > > >__ 
> > > >Yahoo! Mail - PC Magazine Editors' Choice 2005 
> > > >http://mail.yahoo.com
> > > >
> > >
> >
>
>-
> > > >To unsubscribe, e-mail:
> > > [EMAIL PROTECTED]
> > > >For additional commands, e-mail:
> > > [EMAIL PROTECTED]
> > > >
> > > >  
> > > >
> > > 
> > > 
> > >
> >
>
-
> > > To unsubscribe, e-mail:
> > > [EMAIL PROTECTED]
> > > For additional commands, e-mail:
> > > [EMAIL PROTECTED]
> > > 
> > > 
> > 
> > 
> > __
> > Do You Yahoo!?
> > Tired of spam?  Yahoo! Mail has the best spam
> > protection around 
> > http://mail.yahoo.com 
> > 
> >
>
-
> > To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > For additional commands, e-mail:
> > [EMAIL PROTECTED]
> > 
> > 
> 
> 
> 
>   
> __ 
> Yahoo! Mail - PC Magazine Editors' Choice 2005 
> http://mail.yahoo.com
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Getting NoClassDefFound error for Rectangle.class (rt.jar)

[Bob Hall]

No joy with "-Djava.awt.headless=true"; looks a
rebuild of FOP on the target system... though that
*really* does not make sense.

- Bob

--- Bob Hall <[EMAIL PROTECTED]> wrote:

> Thanks, David.  I'll try that.
> 
> If that doesn't do the trick I plan to build fop.jar
> from source on the target machine.
> 
> - Bob
> 
> --- David Delbecq <[EMAIL PROTECTED]> wrote:
> 
> > if it's *java.awt.Rectangle*
> > and the computer you are trying to run fop on does
> > not have
> > graphical environment, maybe you should wonsider
> > using headless java
> > see
> >
>
http://java.sun.com/j2se/1.4.2/docs/guide/awt/AWTChanges.html#headless
> > 
> > Bob Hall a écrit :
> > 
> > >I'm getting a NoClassDefFoundError in a FOP
> class,
> > >PageViewport.  At line 89, the code is attempting
> > to
> > >do
> > >'new Rectangle()'.
> > >
> > >The same code works fine on 3 other systems (2
> > >Windows,
> > >and one Linux).  It does not work on a Linux box.
> > >The two linux boxes have the same version of Java
> > >(1.4.2_08-b03) and the same version of Tomcat
> > 5.0.28).
> > >The versions of RedHat *are* different.  I even
> > >compiled
> > >the code on the target Linux system.
> > >
> > >Any ideas?
> > >
> > >- Bob
> > >
> > >
> > >   
> > >__ 
> > >Yahoo! Mail - PC Magazine Editors' Choice 2005 
> > >http://mail.yahoo.com
> > >
> >
>
>-
> > >To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > >For additional commands, e-mail:
> > [EMAIL PROTECTED]
> > >
> > >  
> > >
> > 
> > 
> >
>
-
> > To unsubscribe, e-mail:
> > [EMAIL PROTECTED]
> > For additional commands, e-mail:
> > [EMAIL PROTECTED]
> > 
> > 
> 
> 
> __
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> http://mail.yahoo.com 
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 




__ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Getting NoClassDefFound error for Rectangle.class (rt.jar)

[Bob Hall]

Thanks, David.  I'll try that.

If that doesn't do the trick I plan to build fop.jar
from source on the target machine.

- Bob

--- David Delbecq <[EMAIL PROTECTED]> wrote:

> if it's *java.awt.Rectangle*
> and the computer you are trying to run fop on does
> not have
> graphical environment, maybe you should wonsider
> using headless java
> see
>
http://java.sun.com/j2se/1.4.2/docs/guide/awt/AWTChanges.html#headless
> 
> Bob Hall a écrit :
> 
> >I'm getting a NoClassDefFoundError in a FOP class,
> >PageViewport.  At line 89, the code is attempting
> to
> >do
> >'new Rectangle()'.
> >
> >The same code works fine on 3 other systems (2
> >Windows,
> >and one Linux).  It does not work on a Linux box.
> >The two linux boxes have the same version of Java
> >(1.4.2_08-b03) and the same version of Tomcat
> 5.0.28).
> >The versions of RedHat *are* different.  I even
> >compiled
> >the code on the target Linux system.
> >
> >Any ideas?
> >
> >- Bob
> >
> >
> > 
> >__ 
> >Yahoo! Mail - PC Magazine Editors' Choice 2005 
> >http://mail.yahoo.com
> >
>
>-
> >To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> >For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
> >  
> >
> 
> 
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
> 
> 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Getting NoClassDefFound error for Rectangle.class (rt.jar)

[Bob Hall]

I'm getting a NoClassDefFoundError in a FOP class,
PageViewport.  At line 89, the code is attempting to
do
'new Rectangle()'.

The same code works fine on 3 other systems (2
Windows,
and one Linux).  It does not work on a Linux box.
The two linux boxes have the same version of Java
(1.4.2_08-b03) and the same version of Tomcat 5.0.28).
The versions of RedHat *are* different.  I even
compiled
the code on the target Linux system.

Any ideas?

- Bob



__ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]