i am in the beginning stages of architecting a new N-Tier application. i am using JBoss and MySQL 5. it is a government application so auditing and security are a nightmare.
The way i have designed all my systems in the past has been the database has a user table and i build in my own user securty systems. im afraid with the data that this system is going to include, that probably isn't going to be enough. there are going to be so many tables and so many fields that i would rather use MySQL's security system to decide what data a person can see and write the systems to manage that.
that leads me to my problem. in the past i have always had a single database user account that the entire application uses. that user and pass was stored in a configuration file somewhere in the app and all is well. but that won't work here. the client portion of the application will be using EJB's to get to the business logic and ultimatly the data in the database, how/can i set up my entity beans that will be doing the actual read and writes to the database to not use a common configured user/pass, but use the user/pass combination that the user enters in the login screen.
no words of wisdom here?