tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michelle" <>
Subject user authentication
Date Mon, 13 Nov 2000 18:31:47 GMT
I've been delving through the Tomcat archives and various guru site
out there, trying to piece together a sound approach to handling
user authentication and rights access.  I've seen some threads and
articles on using sessions, some references in the Tomcat archives
to JDBCRealm (which I cannot find anything more on), hooking into
databases .. etc.  I find I am a bit miffed and coming here looking
for some suggestions.

My site ....
> will have static and dynamic pages
> will contain both protected and unprotected areas
> in the protected areas, will require logins
> each user will be assigned a role for the protected area
    which grants access rights such as read, write, admin
    - yes, an ACL model

Any thoughts on the best approach?

> Should I use JDBCRealm (an can someone send me the link
   to docs please?)
> Should I use the session object to hold a URL to role access
    hash once a user logs?
> Should I spin my own (YIKES!)?

Experts - do you have any opinions?

Much much thanx in advance.


View raw message