David Kerber wrote:
...There isn't a standard way of doing programmatical security of this nature - the nature of it is such that you have to write it yourself.That is essentially what I'm trying to do, using various built-in tools , such as java.security.acl.*, sun.security.acl.AclImpl, sun.security.acl.AclEntryImpl, sun.security.acl.PermissionImpl, etc. I'm just having trouble figuring out how these tools are intended to be used
I wouldn't start there when securing a web application, but other list members might. Sounds like the long route to a solution.
The spec defines role based access control; the majority of your problem can be resolved by configuring a Realm and your app so that restrictions can be applied on a URL by URL basis.
All of this can be done without having to use 'java.security.acl', but with the facilities provided by Tomcat.
I'd recommend looking/trying the realm thing before you proceed. p
Programmatical checks at each read/write point, using username based SQL queries if your user can be linked/related to the stock DB, it's a logical problem more than Tomcat problem I think.I know it's not primarily a Tomcat problem, which is why I initially posted in comp.lang.java.security. However, there are still no responses there after two days.Thanks for the comments! Dave --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
smime.p7s
Description: S/MIME Cryptographic Signature
