David Kerber wrote:

> Pid wrote:
>
> David Kerber wrote:
>
> ...
>
> There isn't a standard way of doing programmatic security of this nature - the nature of it is such that you have to write it yourself.
>
> That is essentially what I'm trying to do, using various built-in tools, such as java.security.acl.*, sun.security.acl.AclImpl, sun.security.acl.AclEntryImpl, sun.security.acl.PermissionImpl, etc. I'm just having trouble figuring out how these tools are intended to be used.
>
> I wouldn't start there when securing a web application, but other list members might. Sounds like the long route to a solution.
>
> The spec defines role based access control; the majority of your problem can be resolved by configuring a Realm and your app so that restrictions can be applied on a URL by URL basis.
>
> All of this can be done without having to use 'java.security.acl', but with the facilities provided by Tomcat.
>
> I'd recommend looking/trying the realm thing before you proceed.
>
> I'll do that, but one quick question: can the realm thing get user information and authenticate against a database? This app has several hundred potential users and sites to which they will have access in varying combinations.
Yup. Configure FORM authentication for a nice login page, BASIC for a browser popup type thing, with one of:

http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#JDBCRealm

Or, if you've (wisely) already set up a DataSource to provide JDBC:

http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#DataSourceRealm

p
> Programmatic checks at each read/write point, using username based SQL queries if your user can be linked/related to the stock DB; it's a logical problem more than a Tomcat problem I think.
>
> I know it's not primarily a Tomcat problem, which is why I initially posted in comp.lang.java.security. However, there are still no responses there after two days.
>
> Thanks for the comments!
>
> Dave

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
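As an added worked example (not from the thread or from the Tomcat project), here is what the declarative set-up Pid recommends looks like for Tomcat 5.5: URL-by-URL constraints and FORM login in web.xml, a DataSourceRealm in the application's context.xml that authenticates against the existing JDBC DataSource, and the login form whose field names the servlet spec fixes. The JNDI name jdbc/StockDB, the PostgreSQL URL, and the app_user / app_user_role table and column names are assumptions chosen for the example; the Realm attributes themselves (dataSourceName, localDataSource, digest, userTable, userNameCol, userCredCol, userRoleTable, roleNameCol) are the documented DataSourceRealm attributes.

```xml
<!-- WEB-INF/web.xml: declarative, URL-by-URL access control (Servlet 2.4 / Tomcat 5.5) -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <!-- Everything under /sites/ needs an authenticated user holding
       "site-user" or "site-admin"; /admin/ needs "site-admin" alone.
       Role names are assumptions for this example. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Site data</web-resource-name>
      <url-pattern>/sites/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>site-user</role-name>
      <role-name>site-admin</role-name>
    </auth-constraint>
    <!-- CONFIDENTIAL redirects to HTTPS, so the FORM credentials are not
         submitted in clear text. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administration</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>site-admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- FORM gives a custom login page. For the browser popup instead, use
       <auth-method>BASIC</auth-method> and drop form-login-config. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Stock application</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-failed.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role><role-name>site-user</role-name></security-role>
  <security-role><role-name>site-admin</role-name></security-role>
</web-app>

<!-- META-INF/context.xml: DataSourceRealm reading users and roles through the
     application's own DataSource. Pool settings are illustrative. -->
<Context>
  <Resource name="jdbc/StockDB" auth="Container" type="javax.sql.DataSource"
            driverClassName="org.postgresql.Driver"
            url="jdbc:postgresql://localhost/stock"
            username="stockapp" password="CHANGE-ME"
            maxActive="20" maxIdle="5" maxWait="10000"/>

  <!-- localDataSource="true" makes the realm use the Resource above rather
       than a server-wide one. digest="SHA" means app_user.password holds
       hex SHA-1 digests rather than plaintext passwords.
       app_user_role must contain a "username" column (same name as
       userNameCol) plus the role_name column. -->
  <Realm className="org.apache.catalina.realm.DataSourceRealm"
         dataSourceName="jdbc/StockDB"
         localDataSource="true"
         digest="SHA"
         userTable="app_user" userNameCol="username" userCredCol="password"
         userRoleTable="app_user_role" roleNameCol="role_name"/>
</Context>

<!-- login.jsp: action and input names are fixed by the servlet spec -->
<form method="post" action="j_security_check">
  <label>User name <input type="text" name="j_username"/></label>
  <label>Password <input type="password" name="j_password"/></label>
  <input type="submit" value="Log in"/>
</form>
```

Two things to keep in mind when adapting this. First, the security-constraint elements only answer "may this role reach this URL"; the thread's real problem, which of several hundred users may see which sites, is row-level and still has to be a query in the application keyed on request.getRemoteUser(), exactly the "username based SQL" check quoted above, done with a parameterised query. Second, BASIC authentication sends the password base64-encoded on every request, so the CONFIDENTIAL transport guarantee matters even more there than with FORM.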