As I understood the question, he is interested in storing the actual
permissions in a database, not just the user info. This kind of thing is
required if you are using a java client which needs to be able to gray out
menus and other UI, based on what the current user is allowed to do.
The only way that I have found to do this is either to read your deployment
descriptior, and store the retrieved permissions to the database. If anyone
has a better solution, I'd be interested to hear it.
Mike
----- Original Message -----
From: "Joseph B. Ottinger" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Sent: Friday, May 18, 2001 5:21 AM
Subject: Re: Orion and Security
> Doug, you're describing something well within J2EE's role specification's
> capabilities; just define roles that can get to a given resource, assign
> users to those roles, and then store those users in a database. For a
> simple example, see http://adjacency.org/atm/ -- it's still being written
> at the moment, but it's becoming more complete daily, and already covers
> user security in principals.xml and the EJBUserManager. Also,
> www.orionsupport.com has docs on using the data-store usermanager.
>
> On Thu, 17 May 2001, Doug Pham wrote:
>
> > Hi All,
> >
> > Customer security is the question here. Has anyone develop a security
> > system where all the information is located in the relational database.
I
> > would like the security to be held at the application server but as we
go
> > into each restricted page, it will send the page info to the
securityManager
> > which will send back the response privileges where the page can
determine
> > from there. Basically the secuityManager is at the server level and
will
> > hold all the security information for a particular user for all the
> > applications available for that server.
> >
> >
> > Thanks
> >
> > Doug Pham
> >
>
> -----------------------------------------------------------
> Joseph B. Ottinger [EMAIL PROTECTED]
> http://adjacency.org/ IT Consultant
>
>
