Re: catalog-level security

Tennessee Leeuwenburg wrote:
> Tomcat authentication would be fine, indeed I think preferable. 
> Eventually, we want to tie it back to an LDAP server with a GUI 
> interface. I had envisioned using the roles/users in tomcat, set up to 
> authenticate with an LDAP server.


You can use LDAP in a Tomcat server. The book by Moczar has a section on it. 
Caveat - I havent done it.
> However, "what I need" is a way to restrict data access to authorised 
> users -- such as paying clients, classified material, research partners 
> etc. I would like something which is based on LDAP, because we can run 
> many of our other systems also using LDAP. That way, we can have a 
> central user database.
>
> In the meantime, is there any way to do catalog-level security?

Sort of, you can restrict specific resources like a specific catalog URL, by modifiying the web.xml. The problem is can you also restrict the data URLs? I guess yes, if you're able to keep all the restricted URLs under a particular URL path. This isnt as good as an integrated solution that I hope to get to sooner than later. 

Probably best to get another resource like the Moczar book ("Tomcat 5 
Unleashed") and study it some. My knowledge of this topic is still pretty limited.



> Cheers,
> -T
>
> John Caron wrote:
>
> > Hi Tennessee:
> >
> > I have been playing around with dataset-level security, but I havent 
> > completed anything yet. My idea is to just use Tomcat authentication. 
> > I can send you more details later. What are your requirements?
> >
> > Tennessee Leeuwenburg wrote:
> >
> > > Hi,
> > >
> > > We would like to implement catalog (or even dataset) level security 
> > > on our external server. I'm unsure how to do this. I understand how 
> > > to secure a particular web application, but I don't want to run a 
> > > separate server instance for every single user!
> > >
> > > Is there a recommended way?
> > >
> > > Cheers,
> > > -T