Hi!
I'm using Tomcat 5.0.28
Oracle 9i
MyEclipse 4.0 M2
Eclipse 3.1
on WinXP
I would like to authenticate users of my application with the JDBCRealm of Tomcat (or JAAS or another framework).
Tomcat is used to having 3 tables containing usernames, passwords(!!!), roles and so on. But I think it is very dangerous, and in my case forbidden, to mix up administrator accounts with full access to the user data and the single sign-on account for Tomcat, which should check the authentication.
So my plan looks like this:
My single sign-on account, used by Tomcat, has grants to a function called “checkUserAuthentication(username, password)”, which returns the status of the authentication (e.g. -1 => account locked, 0 => OK). This function is implemented as a PL/SQL stored procedure. The single sign-on user can't fetch the passwords of all users – only the internals of the function can compare the given password with the password list stored in the database.
An additional feature should be the ability to disable some control elements within the project when user roles are not given. I would like to implement a function which returns every role assigned to a username (e.g. function getroles(username) return recordset).
However, I would like to force the application to display my login page when the user has not logged in (because he is using an old link). After logging in, the user should be redirected to the requested page.
So my question: is there a framework available, or is it necessary to implement these features myself?
greetings
Martin
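
The privilege split described in the post, as an added PL/SQL example that is not part of the original post: a definer-rights function owned by the application schema, with the Tomcat account granted EXECUTE only. The table `app_users`, its columns, the account name `tomcat_sso` and the return code 1 are assumptions; the codes -1 and 0 come from the post.

```sql
-- Added example; run as the schema owner. Table, column and account names are assumed.
CREATE TABLE app_users (
  username      VARCHAR2(30) PRIMARY KEY,
  salt          VARCHAR2(32) NOT NULL,
  password_hash VARCHAR2(32) NOT NULL,  -- upper-case hex digest, never the clear text
  locked        CHAR(1) DEFAULT 'N' NOT NULL
);

-- Definer rights (the default, stated explicitly): the body reads app_users
-- with the owner's privileges, so the caller needs no access to the table.
CREATE OR REPLACE FUNCTION checkUserAuthentication(
  p_username IN VARCHAR2,
  p_password IN VARCHAR2
) RETURN NUMBER
AUTHID DEFINER
IS
  v_salt   app_users.salt%TYPE;
  v_hash   app_users.password_hash%TYPE;
  v_locked app_users.locked%TYPE;
  v_given  VARCHAR2(32);
BEGIN
  SELECT salt, password_hash, locked
    INTO v_salt, v_hash, v_locked
    FROM app_users
   WHERE username = p_username;

  IF v_locked = 'Y' THEN
    RETURN -1;                          -- account locked (code from the post)
  END IF;

  -- MD5 via DBMS_OBFUSCATION_TOOLKIT is what Oracle 9i ships; it is fast to
  -- brute-force, so use a stronger construction where DBMS_CRYPTO is available.
  v_given := RAWTOHEX(UTL_RAW.CAST_TO_RAW(
               DBMS_OBFUSCATION_TOOLKIT.MD5(input_string => v_salt || p_password)));

  IF v_given = v_hash THEN
    RETURN 0;                           -- OK (code from the post)
  END IF;
  RETURN 1;                             -- assumed code: authentication failed
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    RETURN 1;                           -- same code for unknown users, so names cannot be probed
END checkUserAuthentication;
/

-- The Tomcat account may call the function and nothing else:
-- no SELECT on app_users is granted, so it cannot read salts or hashes.
GRANT EXECUTE ON checkUserAuthentication TO tomcat_sso;
```

From the Tomcat side the function is reachable through a JDBC `CallableStatement` with bound parameters, which keeps the username and password out of the SQL text.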