tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hookom, Jacob John" <>
Subject Realm Security Implementation Question [OT]
Date Wed, 21 Aug 2002 20:19:56 GMT
We are trying to figure out a way to handle realm-based security in a multi-application environement
where users and their roles are specified in a DB.  Users are stored in one table with password
and there is a table for each application definining permissions for the user.
I have been looking at the new JAASRealm the Craig put together, but I'm not sure if it's
exactly what we need or if it's going overboard.  Otherwise we have to represent roles in
this manner: [applicationName]:[applicationId]:[role] and have a specialized realm do string
parsing to validate roles within an application.  Our applications are deployed under a single
war to take advantage of a pseudo single sign-on.
Any suggestions would be apprechiated,

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message