Your users and roles are in a DB? It's almost JDBCRealm, except you have a table of roles for each application.
Take a look at the JDBCRealm and I bet you could make your own Realm based loosely on that. - Andrew > -----Original Message----- > From: Hookom, Jacob John [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, August 21, 2002 4:20 PM > To: [EMAIL PROTECTED] > Subject: Realm Security Implementation Question [OT] > > > We are trying to figure out a way to handle realm-based > security in a multi-application environement where users and > their roles are specified in a DB. Users are stored in one > table with password and there is a table for each application > definining permissions for the user. > > I have been looking at the new JAASRealm the Craig put > together, but I'm not sure if it's exactly what we need or if > it's going overboard. Otherwise we have to represent roles > in this manner: [applicationName]:[applicationId]:[role] and > have a specialized realm do string parsing to validate roles > within an application. Our applications are deployed under a > single war to take advantage of a pseudo single sign-on. > > Any suggestions would be apprechiated, > > Jacob > > -- > To unsubscribe, e-mail: > <mailto:tomcat-user-> [EMAIL PROTECTED]> > For > additional commands, > e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>