4 Replies Latest reply on Jan 3, 2003 1:08 PM by Mauricio De Diana

    Datasource security in multiuser environment

    Mauricio De Diana Newbie


      I have a server that is shared among many users. Which application represents one user inside the server. I want to know if there is a way to set datasource configuration so the server guarantees that a user doesn´t access another user´s datasource.
      If I was thinking in using just JDBC, it would be OK, because the access control could be at getConnection() calls. But I need CMP too, so this is not an option.
      For CMP, I could have user and password hardcoded in the DS configuration file and have all security set at the beans descriptors. But in this case a user can access another user´s datasource using JDBC.
      What I need is a mechanism that can control someone´s access to a DS based on the identity of the caller. Is there a way to do this? Maybe pass user name and password or the role from EJB to DS using JAAS?