Oracle Label Security in J2EE? [message #246552]
Thu, 21 June 2007 05:20
lars3006
Hi all,
Currently, I am working on a J2EE eGovernment application. The customer requires configurable, field-based security for most of the database tables. There are several user groups (with a defined set of roles) at different locations. Users of one location are not allowed to access the data of another.
For each of the user groups, the customer specified a set of criteria that must be met in order to have READ / WRITE access to database table rows and fields.
Normally, I would have applied declarative and programmatic role-based security (via JAAS) and done it in Java. However, this approach is hardly configurable via a GUI. Furthermore, I would like to avoid creating a proprietary security manager, since we are dealing with highly sensitive data.
I think this is a common problem I am experiencing, and I hope to find a solution at the database level. This is why I am evaluating Oracle Label Security. I am not much into Oracle Label Security, though, so I have a couple of questions:
* Is there somebody out there who uses Oracle Label Security in a J2EE application?
* Virtually all application servers (we are using JBoss) use database connection pooling. Oracle Label Security, however, relies on SYS_CONTEXT for storing security profile data. I do not see how to assign a security profile to a user when the db session is shared. Is there a way to get around this shortcoming?
Thanks,
Lars