On Tue, 2 Apr 2002 12:16:24 +0530, rupalim <[EMAIL PROTECTED]> wrote:
>hi >we want to access Multiple instances of data base using >Entity beans depending upon the login details of the users.Can >some one help in how to do this. >as for example ..For user 'A' my bean should >access 'A' instance of the d/b and for user 'B' it should >access 'B instance of the same d/b.While deploying this bean we >need to specify the pool name which can access data of only one >instances of the data for all the users irrespective of the >user's login details. > >Thanks in advance > >rupalim Sadly, the J2EE security model is still maturing and you don't have any great options here as of yet. The limited possibilities are: 1. Use Bean Managed Persistence, in which case you can do bean managed authentication with the database. This is probably the simpliest option and has already been suggested on this list by others. 2. Deploy your entity bean multiple times (with a different datasource and JNDI name for each deployment) and have your session bean facade select the appropriate entity bean based on the user name. This gets the job done but is overly complex and ill advised. 3. Code your own javax.jdbc.DataSource and have it establish a new connection to the database each time based on the caller's identity. While this seems like a relatively straight forward solution, it turns out to become VERY complex when you consider all the transaction and connection pooling issues involved. Hence, this a task best left up to the app server vendors. Sadly, I know of no venders that have this kind of functionality out of the box. 4. Look for a vendor specific solution supporting single-sign-on. Security manager products like Netegrity have plugins for both Weblogic and Oracle, so that the users security principle can be shared seemlessly between the two. Your Oracle "Chinese Wall" could then be used to select the appropriate view of the database depending on the caller's identity. This option is likely expensive, but offers the most secure solution. With luck, standardizing the symantics for single-sign-on and authorization via a pluggable security manager will become a part of J2EE one day. But don't hold your breath, as it seems a long ways out. I looked into this issue at length this past JavaONE talking to vendors and spec leads alike. There seems to be some promise in a few of the recent JSRs, but all in all I was quite discouraged. Security seems to remain a weak link in J2EE and hope for real change seems a longs ways out. Meanwhile, .NET with it's Kerberos based security infrastructure and it's integrated platform (ie all Microsoft) looms right around the corner. What the future holds is uncertain. ***Note to J2EE spec leads, your comments on the future of single-sign-on are welcome.*** Doug =========================================================================== To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff EJB-INTEREST". For general help, send email to [EMAIL PROTECTED] and include in the body of the message "help".
