Application Security Suggestions Needed

 
Ranch Hand
Posts: 71
I'm not sure if I should post this question here, or to the Tomcat forum. I have a Tomcat server and (for now) a single application that uses Java beans to log in to a backend Oracle database. Eventually there will be many applications and many users on the server. I'm going to be developing a portal-type application where there will be many application links - a different list of links depending on who is logged in. User A will see (and have access to) links A, B and C. User B will see (and have access to) links X, Y and Z. I've started poking around at some different options, but I'm not really sure what my options are and what I should be looking for. Basic authentication doesn't seem like what I want. Other than that, help! Should I be looking at Tomcat Security Realms? OpenLDAP? JAAS? j_security_check? All of the above? None of the above? Something else?

We're heading towards AD although we're not quite all the way there yet, but can I use that to authenticate access to the various applications?

Basically I just need some pointers on what to research that will do what I outlined above. Am I heading in the right direction? Any pointers on what I should be looking into would be most appreciated! Thanks!
 
Rancher
Posts: 43081

Basic authentication, Tomcat Security Realms, OpenLDAP, JAAS, j_security_check, AD


There's actually a fair amount of overlap in this list. j_security_check indicates form authentication which, like basic authentication, is one of the forms of web app security as defined by the servlet spec. Tomcat ties these to repositories of user information called realms. Out of the box, Tomcat ships with realms that keep the user information (usernames, passwords and roles) in files, databases, LDAP or JAAS. I believe that AD is accessible via LDAP, so that could be used as well.

Before going into more detail, does this help? Let us know if you have more specific questions (which I think is likely - it's a confusing subject when one first approaches it).
[ July 25, 2008: Message edited by: Ulf Dittmer ]
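
Added example, not part of the original thread or any poster's configuration: how the pieces named in the reply above fit together, with servlet-spec form authentication (j_security_check) in web.xml and a Tomcat JNDIRealm supplying users and roles from an LDAP directory. The role names, URL patterns, host name, DNs and bind account are constructed placeholders.

```xml
<!-- Constructed example: role names, URL patterns, hosts and DNs are placeholders. -->

<!-- 1. WEB-INF/web.xml of the portal: one constraint per group of applications -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Applications A, B, C</web-resource-name>
    <url-pattern>/apps/abc/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Only users the realm maps to this role may reach these URLs -->
    <role-name>portal-abc</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Login form and session cookie are served over TLS only -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<!-- Repeat the block with /apps/xyz/* and portal-xyz for the second group -->

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- login.jsp posts j_username and j_password to j_security_check -->
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login-error.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role><role-name>portal-abc</role-name></security-role>
<security-role><role-name>portal-xyz</role-name></security-role>

<!-- 2. META-INF/context.xml, inside <Context>: realm backed by LDAP.
     sAMAccountName is the Active Directory logon attribute; a plain
     OpenLDAP tree would typically search on uid instead. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ldap.example.com:636"
       connectionName="cn=tomcat-bind,ou=service,dc=example,dc=com"
       connectionPassword="CHANGE_ME"
       userBase="ou=people,dc=example,dc=com"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="ou=groups,dc=example,dc=com"
       roleName="cn"
       roleSearch="(member={0})"
       roleSubtree="true"/>
```

The portal page can call `request.isUserInRole("portal-abc")` to decide which links to render, but hiding a link is only presentation. The `security-constraint` is what actually blocks a user who requests the URL directly.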
 
K DeLucia
Ranch Hand
Posts: 71
I've printed out a ton of information from various sources. I'll look it over this weekend and will be back with questions on Monday I'm sure. Thanks for that bit. It helps get me started!
 