Jeffery,

Are the users going to be allowed to execute "ad hoc"
queries?  If yes, I can see why you would choose to
take the direct DB authentication route.

If not, then a JDBCRealm could be used and specific
role(s) assigned to each user that would govern what
they could do in the webapp.  The isUserInRole()
method in HttpServletRequest can be used to protect
parts of the application as needed.

Info on JDBCRealms:
<http://www.jajakarta.org/tomcat/tomcat5.0/en/docs/tomcat-docs/realm-howto.html>

- Bob

--- [EMAIL PROTECTED] wrote:

> Good question Bob,
> 
> This system may eventually be implemented for the government
> department I work for in Queensland, Australia.  This project is
> a pilot one which will involve four separate district offices in
> four different cities.  The department has policies on data
> security which include authenticating individual users to a
> database.  As this is a requirement I can't avoid I wanted to
> find a way to implement it even in the proof-of-concept stage.
> 
> User authentication can be implemented on the middle tier in
> Tomcat but I don't think this will satisfy the dept.
> requirements.  That being the case, my plan was to let the
> database decide if a user can get into the site.  If they are
> authenticated to the db then they have access to the site.  One
> other advantage of db authentication which will be important in
> this case is the separation of database roles.  Users will have
> access to update only the tables they are approved to access.
> 
> Jeffery S. Eaton

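The role-based alternative Bob describes, as an added example that is not code from either poster: a servlet that relies on container-managed login through a JDBCRealm and gates reads and updates with isUserInRole(). The realm's table and column names, the role names and the servlet class are hypothetical.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example, not code from the thread. Assumes container-managed login
// backed by a JDBCRealm declared in Tomcat's server.xml, for instance:
//   <Realm className="org.apache.catalina.realm.JDBCRealm"
//          driverName="org.postgresql.Driver"
//          connectionURL="jdbc:postgresql://db.example.invalid/pilot"
//          connectionName="realm_reader" connectionPassword="CHANGE_ME"
//          userTable="users" userNameCol="user_name" userCredCol="user_pass"
//          userRoleTable="user_roles" roleNameCol="role_name"/>
// Table, column, role and class names are hypothetical.
public class DistrictRecordServlet extends HttpServlet {
    private static final String ROLE_VIEWER = "district_viewer";
    private static final String ROLE_EDITOR = "district_editor";

    // Returns true only if the caller is logged in and holds one of the roles;
    // otherwise sends 401/403, logs the denial and returns false (deny by default).
    private boolean authorize(HttpServletRequest req, HttpServletResponse resp,
                              String... allowedRoles) throws IOException {
        if (req.getRemoteUser() == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        for (String role : allowedRoles) {
            if (req.isUserInRole(role)) return true;
        }
        log("Denied " + req.getMethod() + " " + req.getRequestURI()
                + " for user " + req.getRemoteUser());
        resp.sendError(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        if (!authorize(req, resp, ROLE_VIEWER, ROLE_EDITOR)) return;
        resp.setContentType("text/plain");
        resp.getWriter().println("Read access granted to " + req.getRemoteUser());
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Only editors reach the update path; the update itself would be a fixed,
        // parameterized statement, since this design rules out ad hoc queries.
        if (!authorize(req, resp, ROLE_EDITOR)) return;
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```

With this approach the webapp connects to the database under its own account, so the per-table separation Jeffery mentions is enforced by the role checks in the application rather than by database grants for each user.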