Individual JDBC authentication to the database?

Discussions

EJB design: Individual JDBC authentication to the database?

  1. Individual JDBC authentication to the database? (5 messages)

    We have been scoping out a new appication for a while and want to use J2EE EJB's to implement objects in the middle tier. We have done some design with entity beans but now may be stuck. We have a requirement to authenticate users to the database using individual user names and passwords. This means that a generic connection pool is out of the question when adding data to the system. Is there some kind of design pattern that addresses this issue?

    Thanks for any help.

    Tony
  2. Tony
    Which Application server you are using?If it is WebLogic,I can help you.
    Where do you want to store your user names?In database or Application server?
    Thanks
    Lawrence
  3. Lawrence,
    We have been playing with Sun's J2EE and also JRun. We have not purchased any application server yet. We are using Oracle as the persistant store and we may end up with their Application Server environment next year for reasons other than my project.
    We want to store user names with roles and privs. in the database so if the database is accessed through the SQL command line we still have control over access and privs. The data is buisness proprietary so we just want to be able to control it at that one level. The application we are writing is going to be used intra-net with controlled access through firewalls and VPN connections.
    Thanks,
    Tony
  4. Tony,
        If I got u right, ur aim is to create an access control list for the clients to ur middle-tier(consisting of EJBs)which has to be mapped to the users stored in the database.
    Now as per the EJB spces, u can always create ACL for ur EJBs which can be mapped to specific application roles during deployment time. This is a must for any 1.1 compliant EJB server. And Weblogic provides mechanisms for similar ACLs to various types of resources (database connection pool is one of them). So if u Weblogic, u can first create a set of application roles which u also have for the database, give them access to the connection pool u r gonna use,and then create a set of users to ur beans and map them to that same set of application roles. So that way any client to ur EJB, that wishes to access the database thru those EJBs and eventually thru the connection pool, has to have the same user access to the database. I've not worked with JRun, but I think it should give provisions for creating ur own ACL.

    Arindam
      
  5. Tony
    Allaire JRun3.0 is fully J2EE Implemented.So It supports ACL.
    If you want to make direct authentication,you can use JSP from the client page or write a session bean to invoke the entity bean which contains business methods for security.
    Thanks
    Lawrence
  6. Tony,

     Did you get an answer to this? If so post it. We want to do essentially the same thing...

    Mike