Re: catalog-level security

• To: Tennessee Leeuwenburg <t.leeuwenburg@xxxxxxxxxx>
• Subject: Re: catalog-level security
• From: John Caron <caron@xxxxxxxxxxxxxxxx>
• Date: Mon, 05 Dec 2005 10:08:27 -0700

Tennessee Leeuwenburg wrote:

Tomcat authentication would be fine, indeed I think preferable. Eventually, we want to tie it back to an LDAP server with a GUI interface. I had envisioned using the roles/users in tomcat, set up to authenticate with an LDAP server.

You can use LDAP in a Tomcat server. The book by Moczar has a section on it. 
Caveat - I havent done it.

However, "what I need" is a way to restrict data access to authorised users -- such as paying clients, classified material, research partners etc. I would like something which is based on LDAP, because we can run many of our other systems also using LDAP. That way, we can have a central user database.

In the meantime, is there any way to do catalog-level security?

Probably best to get another resource like the Moczar book ("Tomcat 5 
Unleashed") and study it some. My knowledge of this topic is still pretty limited.

Cheers,
-T

John Caron wrote:

Hi Tennessee:

I have been playing around with dataset-level security, but I havent completed anything yet. My idea is to just use Tomcat authentication. I can send you more details later. What are your requirements?

Tennessee Leeuwenburg wrote:

Hi,

We would like to implement catalog (or even dataset) level security on our external server. I'm unsure how to do this. I understand how to secure a particular web application, but I don't want to run a separate server instance for every single user!

Is there a recommended way?

Cheers,
-T

• References:
  • catalog-level security
    • From: Tennessee Leeuwenburg
  • Re: catalog-level security
    • From: John Caron