I think what you need here is to define the datasource.xml for each
application. This is then placed in the deployment folder for the
application just like the principles.xml. This bind a datasource or
multipule datasources to the app and not to the server.
SnowWolf Wagner, MAIP
-----Original Message-----
From: Cliff Rowley [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 13, 2001 2:09 PM
To: Orion-Interest
Subject: Security between applications?
Greetings,
We are currently evaluating the various J2EE solutions available for a
venture that we hope to deliver to the world in a few months. Whilst
reading the documentation for each, I dont appear to be able to configure
Orion to suit the way the project will work.
In order for our application to be of any use, we need to be able to
implement a fair amount of security, since JSP pages may be at the mercy of
people who are not us.
Basically the application will provide a farm of hosts on which we will be
offering certain services. Each application needs to have a data source
that it, and only it has access to. The current problem as I see it is that
if I define a connection in data-sources.xml, then every web application
deployed on the server or cluster of servers has access to it. We need some
way of securing that while still being able to use EJB in all its glory. We
need to be able to offer the opportunity of creating and editing content
without compromising the security of other applications on the system.
Could anyone give us some tips and pointers on this?
Thanks
Cliff Rowley
