AW: DataSource Realm

Google

Mailing List

Home

Forum Home

JBoss - Java Application Server

Struts - A MVC web framework

Tomcat - JSP/Servlet container

iText - An open source PDF Java Library

JDOM - JDOM XML Parser

J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition

J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog

Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology

JSP - A mailing list about Java Server Pages specification and reference

Struts & Hibernate

Subjects

•	JSP editor plugin for eclipse ?
•	org apache jasper JasperException: Unable to compile class for JSP
•	Tomcat: Connection reset by peer: socket write error
•	Cannot retrieve definition for form bean null
•	Struts Tiles Tutorial (free Struts training)
•	Where do I download Tomcat 4 0 6?
•	Data Access Object (DAO) pattern, example DAO 's
•	Where to download Tomcat v 4 1 24 from?
•	Tomcat 5 0 16 Requested resource not available
•	Oracle Connection Pooling in 3 2 2
•	Servlet : Session invalidate
•	Servlet action is currently unavailable
•	Tomcat/Struts Unicode Encoding/Decoding problems
•	Tomcat and webapplication specific java library path
•	Running a Simple JMS Example
•	Mapping in workers2 properties
•	org apache jasper JasperException
•	Cannot find message resources under key org apache struts action MESSAGE
•	problem with html:text bean throwing exception
•	Cannot find message resources under key org apache struts action MESSAGE
•	invalid direct reference problem with solution
•	Tool for jsp debug Try Sysdeo Eclipse Plugin
•	Tomcat 5 Cannot load JDBC driver class 'null ' SQL state: null
•	weblogic ejbc
•	java properties file
•	Jboss 3 2 3 Coyote Can 't re
•	Tomcat 5, Apache2 and mod jk2 integration problem
•	JBoss example problem new to J2EE
•	url string for connecting jboss to oracle
•	Value attribute of <html:checkbox
•	javax servlet ServletException: BeanUtils populate
•	HTTP Status 404 The requested resource is not available
•	5 0 18: Windows XP Pro vs Windows 2000

AW: DataSource Realm

AW: DataSource Realm

2004-01-19 - By Pfingstl Gernot

Back
This isn't what I want to do. In this way, you described, the web application
can also obtain a DataSource and so a connection to the user database.

We have a tomcat admin, which sets up the user database. And a lot of people
which writes web application. The tomcat admin wants to protect the
userdatabase in the way that no application has access to it.

Gernot

-- --Urspr�ngliche Nachricht-- --
Von: Bruno.Melloni@(protected) [mailto:Bruno.Melloni@(protected)]
Gesendet: Montag, 19. J�nner 2004 15:00
An: tomcat-user@(protected)
Betreff: RE: DataSource Realm

This is probably not the only way to accomplish what you want, but a simple one
to code for.

1)Define your DataSource resource in <GlobalNamingResources> of conf/server.xml.
2)Add a <ResourceLink> to the DataSource in the application context file in
conf/Catalina/<yourserver>/<yourapp>.xml

This way the only applications that are able to access the datasource are the
ones with a <ResourceLink> entry.

-- --Original Message-- --
From: ext Pfingstl Gernot [mailto:gernot.pfingstl@(protected)]
Sent: Sunday, January 18, 2004 3:32 PM
To: tomcat-user@(protected)
Subject: DataSource Realm

If I want to use a DataSourceRealm (tomcat 4.1) like
<Realm className="org.apache.catalina.realm.DataSourceRealm

Source code of org.apache.catalina.realm.DataSourceRealm

"
dataSourceName="java:/comp/env/jdbc/authority" ... />
I had to configure a JNDI named JDBC DataSource "java:/comp/env/jdbc/authority"
. So all web applications can also use this DataSource and can read the user
-table - this is possibly a security hole. Is there a way to prohibit web
applications to use this DataSource?

Thanks,
Gernot

-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)

-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)

-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)