Doug, you're describing something well within J2EE's role specification's
capabilities; just define roles that can get to a given resource, assign
users to those roles, and then store those users in a database. For a
simple example, see http://adjacency.org/atm/ -- it's still being written
at the moment, but it's becoming more complete daily, and already covers
user security in principals.xml and the EJBUserManager. Also,
www.orionsupport.com has docs on using the data-store usermanager.
On Thu, 17 May 2001, Doug Pham wrote:
> Hi All,
>
> Customer security is the question here. Has anyone develop a security
> system where all the information is located in the relational database. I
> would like the security to be held at the application server but as we go
> into each restricted page, it will send the page info to the securityManager
> which will send back the response privileges where the page can determine
> from there. Basically the secuityManager is at the server level and will
> hold all the security information for a particular user for all the
> applications available for that server.
>
>
> Thanks
>
> Doug Pham
>
-----------------------------------------------------------
Joseph B. Ottinger [EMAIL PROTECTED]
http://adjacency.org/ IT Consultant
