Hi Yoav, Thanks for the message. The JDBC Realm provides a way to connect to an external user management system, so applications can verify user privileges in a standard way. But Tomcat does not provide any mechanism to manage users and roles, which is supposed to be implemented in the external user management system. And that's what I am looking for. The procudt should provide mechanisms to define application user management model, usually User/Group/Role/Permission model. It should also provide interface (either web interface or stand-alone application) to maintain the defined model, such as add/remove user, assign/revoke privileges to user.
People might suggest to use the Tomcat Admin service which provide web interface to maintain the user/role pairs. But that's too simple and not easy to maintain. Also the data is stored in the deployment file, but a DBMS storage is obviously preferred by most developers. Or is there a better Tomcat solution I did not know? Thanks Gang Wu -----Original Message----- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, October 27, 2003 11:16 AM To: Tomcat Users List Subject: RE: Centralized user management system Howdy, Tomcat can run with a JDBC Realm to authenticate users and define roles, and that likely has all the features you need. http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JDBCRea lm Yoav Shapira Millennium ChemInformatics >-----Original Message----- >From: Gang Wu [mailto:[EMAIL PROTECTED] >Sent: Monday, October 27, 2003 11:07 AM >To: Tomcat Users List >Subject: Centralized user management system > >Hello everyone, > >I have several applications running on Tomcat server. When developing the >applications, each development team invented their own user management >system(basically a set of database tables and web interface). Now we got >into this kind of awkward situation: User has to remember different >users/passwords for each applications and login for every applications. > >We are going to develop some new applications and also need user >authentication. To avoid the multiple users/passwords problem, I'm looking >for a system to centrally manage users for multiple applications. Does >anybody know if there are any free or inexpensive systems I can use? It's >not possible for us to pay $100,000 for this kind of system. > >I took a look at the Tomcat user/role access control system, but I think >it's too simple for any application permission management. Am I wrong? > >Thanks > >Gang > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]