Oracle Label Security in J2EE? [message #246552] Thu, 21 June 2007 05:20
lars3006
Hi all,

Currently, I am working on a J2EE eGovernment application. The customer requires configurable, field-based security for most of the database tables. There are several user groups (with a defined set of roles) at different locations. Users of one location are not allowed to access the data of another.

For each of the user groups, the customer specified a set of criteria that must be met in order to have READ / WRITE access to database table rows and fields.

Normally, I would have applied declarative and programmatic role-based security (via JAAS) and done it in Java. However, this approach is hardly configurable via GUI. Furthermore, I would like to avoid creating a proprietary security manager since we are dealing with highly sensitive data.

I think this is a common problem I am experiencing and I hope to find a solution at the database level. This is why I am evaluating Oracle Label Security. I am not much into Oracle Label Security though. So I have a couple of questions:

* Is there somebody out there who uses Oracle Label Security in a J2EE application?

* Virtually all application servers (we are using JBoss) use database connection pooling. Oracle Label Security, however, relies on SYS_CONTEXT for storing security profile data. I do not see how to assign a security profile to a user when the db session is shared. Is there a way to get around this shortcoming?

Thanks,
Lars
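
The pooling concern in the post above, as an added example that is not part of the original post and is not Oracle or JBoss code: a plain Python model (all class, function and data names are hypothetical) of a pool whose sessions keep their session-scoped context between borrowers, next to a checkout wrapper that binds the end user's profile on every borrow and clears it on return. It models session state only and calls no Oracle Label Security API.

```python
from contextlib import contextmanager

class Session:
    """Stand-in for one physical DB session; a session with no profile sees nothing."""
    def __init__(self):
        self.context = {}  # models session-scoped attributes such as a security profile

    def visible_rows(self, table):
        location = self.context.get("location")
        return [r for r in table if location is not None and r["location"] == location]

class Pool:
    """LIFO pool: the most recently returned session is handed out next."""
    def __init__(self, size):
        self._idle = [Session() for _ in range(size)]
    def acquire(self):
        return self._idle.pop()
    def release(self, session):
        self._idle.append(session)

@contextmanager
def session_for(pool, profiles, user):
    """Bind the end user's profile on checkout and clear it before reuse."""
    session = pool.acquire()
    try:
        session.context.clear()                 # never trust inherited state
        session.context.update(profiles[user])  # KeyError for unknown users: no access
        yield session
    finally:
        session.context.clear()                 # nothing survives into the next borrow
        pool.release(session)

PROFILES = {"alice": {"location": "NORTH"}, "bob": {"location": "SOUTH"}}  # constructed
CASES = [{"id": 1, "location": "NORTH"}, {"id": 2, "location": "SOUTH"}]   # constructed

def leaky_demo():
    """Profile set by one borrower and never cleared: the next borrower inherits it."""
    pool = Pool(1)
    s = pool.acquire()
    s.context.update(PROFILES["alice"])
    pool.release(s)
    s = pool.acquire()  # bob's request reuses the session without rebinding a profile
    return [r["id"] for r in s.visible_rows(CASES)]

def safe_demo(user):
    """Two consecutive borrows of the same session, each bound to its own user."""
    pool = Pool(1)
    with session_for(pool, PROFILES, "alice") as s:
        s.visible_rows(CASES)
    with session_for(pool, PROFILES, user) as s:
        return [r["id"] for r in s.visible_rows(CASES)]
```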

