> Sounds like a redesign is more appropriate.
>
> Memory issues aside, have you considered the fact that using individual
> security constraints for each and every user means that you have to
> restart the entire app every time you add a new user? Or, that every time
> you add a user and restart, the restart time gets longer and longer?
Thats a problem!
> Use application specific logic to ensure that a particular user can only
> see things that are relevant to them (i.e. their own mailbox in a
> WebMail scenario).
That was my original design idea. BUT, in this case I don't know how to
prevent someone to see the data from other users. How can I stop someone
from trying to access the mail from someone else? Supposing that all
"standard" users will have the same role, the security will allow him to see
all directories.
A question besides here, using JDBC realms is it possible to assign mutliple
roles to one user? How do I do it? Do I have to put several entries in the
user_roles table? One line for each role of the user?
Thanks in advance...
