We have many applications (stores) deployed In jboss, each have one or more users to perform store administration tasks. I'm thinking about best way to limit users to their own stores. Login information is stored In table: userId, password, storeId ...
First idea is to overwrite DatabaseLoginModule and put storeId attribute into Principal object, then handle access rules within application. Ideally login module should reject login with storeId different from 'current storeId'. Any idea? Thanks, Igor Semenko. ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user
