>If however, that does not help and you would be interested in
>exploring the possibility of using WS-Security (which is part of
>jwsdp1.4), please let us know, so that we can give you a detailed
>alternative solution
Thanks Anil,
Creating roles and users in DB and giving DBA access permissions will be very error prone and less flexible.I am not thinking about it.
I just want to use it in java layer.i am using JDO.
Plz giv me some hints abt security from database.JDBC is there so it's easy to retrieve username and password from DB and check it according to collected data from user.
there will be a 'user' table to store user details.and for authorisation,i'll create 2 tables named as,
user_role
role_permission
each user have a role.that mean in user table, a column will be there for his role.that will be the primary key of user_role table.
each user_role primary key will be associated to a role_permission.so each user role have a seperate permission for accessing the tables.that mean in role_permission table,a column will be there for user_role primary key.
Now there is no need of doing it in database layer.that mean creating DBA permissions.
i just wanna retrieve information from role_permission table and check the role of currunt user(retrieved from user_role table).this information can be used for restricting some tables(functionalities) from user.
for eg:
if(currentuser.getSecurityRole().equals(admin)){
doProcess();
else{
dontDoProcess();
}
So i can successfully overcome the problom.
But how can i deal it with JAX-RPC?.i need a good pattern and decision making abt it.
plz share ur thoughts,
Thanks
Shaba
Anil Kumar Tappetla <Anil.Tappetla_at_Sun.COM> wrote:
Hi Shaba,
please refer to
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html (Chapter 32,
XML and Web Services Security Section) for authentication techniques
with JAX-RPC.
As far as authorizing users to tables in your database, you
should be using the support offered by your database management system
to create roles/permissions.
If however, that does not help and you would be interested in
exploring the possibility of using WS-Security (which is part of
jwsdp1.4), please let us know, so that we can give you a detailed
alternative solution.
Thanks,
Anil.
>Hi all,
>
>I wanna use authentication and authorisation with JAX-RPC.
>
>So users login with username and password which was stored in a database.
>
>I wanna authorise some users to use some tables.Mean i wanna create user roles and permissions restrict access of some tables from some users.
>
>Any good reaource for this purpose dealing with JAX-RPC security authentication and autherisation from database?.
>
>Thanks,
>Shaba
>
>
>
---------------------------------
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!