Return-Path: 
 <tomcat-user-return-85357-apmail-jakarta-tomcat-user-archive=jakarta.apache.org@jakarta.apache.org>
Delivered-To: apmail-jakarta-tomcat-user-archive@www.apache.org
Received: (qmail 91784 invoked from network); 2 Dec 2003 15:15:02 -0000
Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12)
  by minotaur-2.apache.org with SMTP; 2 Dec 2003 15:15:02 -0000
Received: (qmail 38766 invoked by uid 500); 2 Dec 2003 15:14:39 -0000
Delivered-To: apmail-jakarta-tomcat-user-archive@jakarta.apache.org
Received: (qmail 38750 invoked by uid 500); 2 Dec 2003 15:14:38 -0000
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
List-Subscribe: <mailto:tomcat-user-subscribe@jakarta.apache.org>
List-Help: <mailto:tomcat-user-help@jakarta.apache.org>
List-Post: <mailto:tomcat-user@jakarta.apache.org>
List-Id: "Tomcat Users List" <tomcat-user.jakarta.apache.org>
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 38737 invoked from network); 2 Dec 2003 15:14:38 -0000
Received: from unknown (HELO rwcrmhc12.comcast.net) (216.148.227.85)
  by daedalus.apache.org with SMTP; 2 Dec 2003 15:14:38 -0000
Received: from comcast.net
 (pcp725580pcs.arlngt01.va.comcast.net[68.49.187.119])
          by comcast.net (rwcrmhc12) with SMTP
          id <20031202151440014007ao3ve>
          (Authid: christopher.d.schultz);
          Tue, 2 Dec 2003 15:14:40 +0000
Message-ID: <3FCCAE4D.1050706@comcast.net>
Date: Tue, 02 Dec 2003 10:22:53 -0500
From: Christopher Schultz <christopher.d.schultz@comcast.net>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Tomcat Users List <tomcat-user@jakarta.apache.org>
Subject: Re: SessionListener
References: <805197E9D6BEE44C816B68DC4E2D373F15E22F@sfavb2.sfa.com>
In-Reply-To: <805197E9D6BEE44C816B68DC4E2D373F15E22F@sfavb2.sfa.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

Justin,

> Won't quite do it, JDBCRealm looks for users in a database, I want to
> connect a user TO a database using their credentials, but the code to
> do this feat will be quite minimal by comparison.

This will make it hard to use a connection pool (which you mentioned
that you do/want to do).

Is there a particular reason for the database access paranoia? Most apps
connect to the db using the same login regardless of the user actually 
logged in to the application. They use other types of permission 
checking to see if you can perform some action, instead of relying on 
thr database for that kind of checking.

I absolutely agree that having multiple layers of security is great, but 
this one may make your application suck really bad, especially if you 
are using a db like Oracle, where the database connections are anything 
but "lightweight".

-chris


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org