I've been delving through the Tomcat archives and various guru sites
out there, trying to piece together a sound approach to handling
user authentication and rights access. I've seen some threads and
articles on using sessions, some references in the Tomcat archives
to JDBCRealm (which I cannot find anything more on), hooking into
databases ... etc. I find I am a bit miffed and coming here looking
for some suggestions.
My site ....
> will have static and dynamic pages
> will contain both protected and unprotected areas
> in the protected areas, will require logins
> each user will be assigned a role for the protected area
which grants access rights such as read, write, admin
- yes, an ACL model
Any thoughts on the best approach?
> Should I use JDBCRealm (and can someone send me the link
to docs please?)
> Should I use the session object to hold a URL to role access
hash once a user logs in?
> Should I spin my own (YIKES!)?
Experts - do you have any opinions?
Much much thanx in advance.
Michelle