RE: JDBC Realm
- From: "Marc Perkowitz" <mperkowitz@xxxxxxxxxxx>
- To: "'oracle-l'" <oracle-l@xxxxxxxxxxxxx>
- Date: Thu, 7 Jul 2005 11:20:17 -0500
Yes, you have it essentially correct. I included a copy of a Realm we use
for one of our applications. The role is assigned by Tomcat when the user
is logged in successfully. This role can be used to restrict access to
screens by URL pattern. It probably can do other things too.
I do not know how Oracle App Server does this and whether it is similar.
Marc.
<!-- Replace the above Realm with one of the following to get a Realm
stored in a database and accessed via JDBC -->
<!-- This will be used for ACSS application -->
<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
driverName="oracle.jdbc.driver.OracleDriver"
connectionURL="jdbc:oracle:thin:@nnnn.twjconsulting.com:1521:dev"
connectionName="acss" connectionPassword="xxx"
userTable="acss_user" userNameCol="acss_username"
userCredCol="password"
userRoleTable="acss_user_role" roleNameCol="acss_role" />
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of LeRoy Kemnitz
Sent: Thursday, July 07, 2005 8:09 AM
To: oracle-l
Subject: JDBC Realm
All-
I am trying to figure how the JDBC Realm works in Tomcat and if Oracle
App Server does something similar. I want to use Tomcat first to
understand the authentication process and then move to the Oracle App
Server.
Correct me if I am wrong, how I understand it the JDBC Realm is just an
environment where the usernames, passwords, and roles are kept in tables
in the database that can 'home-grown'. In the App Server, the OID holds
the usernames and passwords encrypted. The App Server can use the SSL
to secure connections to connect as well. But how does the web browser
session find out about the roles that the user has? I am new to the
Java world so forgive me if this is way off base.
LeRoy
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
Other related posts:
