We are attempting to build an application that allows clients to access data, stored in an Oracle database using the Corporate Information Framework, through a wide variety of means--straight SQL, web services, sockets, etc. Some of these methods would involve going through a Java application (either deployed in an app server or stand alone) and some would involve direct access to the Oracle RDBMS.
My question is two fold:
1. Is there anyway to set up both JAAS and Oracle security so that they both use the same users, roles, and groups? I realize that this may be as simple as setting up an LDAP server, but I am wondering if anyone has experience with this.
2. Is there anyway to programmatically, via Java, interact with the Oracle security infastructure?
The basic idea is this, whether a user requests data through a java application (thin client, web service, etc) or they access it directly through Oracle, their user permissions, at the row/column level should be the same. Therefore, whether they are interacting with an sql result set or they are interacting with objects, they should only be able to receive the same data.