-
1. Re: Datasource security in multiuser environment
dediana Dec 27, 2002 4:11 PM (in response to dediana)Sorry, if I have it configured for CMP one just can access the database using JDBC if he knows user and password, so it´s not a problem.
But the problem persists because one can access the datasource using a BMP bean (it´s just do a lookup and get the DS).
Dediana -
2. Re: Datasource security in multiuser environment
luke_t Jan 1, 2003 8:20 PM (in response to dediana)Hi,
Assuming I'm getting you straight, why do you want to use both app-server and database level security? This will prevent you from sharing connections between different users and you'll lose the benefits of having pooled connections.
There is a method on the DataSource interface which takes a username and password, so you could use this, mapping the information from your J2EE users to your database users as you see fit.
Luke. -
3. Re: Datasource security in multiuser environment
davidjencks Jan 2, 2003 1:02 AM (in response to dediana)I don't understand what you are trying to do, there are many possibilities consistent with your description. However, I suggest you look into using the CallerIdentityLoginModule.
-
4. Re: Datasource security in multiuser environment
dediana Jan 3, 2003 1:08 PM (in response to dediana)Luke: This is my scenario: if I only use app-server level security, a user can use JDBC to have access to another user´s database if she has the db´s URL. If I only have db level security, a user can access other user´s datasource if she has the JNDI name of this DS. So I have to have both security levels.
David: It was exactly what I was looking for.
Thank you both for the help.
Mauricio