Hi Isomorphic,
I was wondering with the following scenario is possible with SmartGWT:
To be protected in the best possible way in a "Bobby Tables :)"/SQL Injection situation (which of course shouldn't happen with SmartGWT, but just in case) or to enforce business rules, I thought if it is possible to have the SmartGWT App impersonate itself against the DB with user provided credentials.
The current process (as described in https://isomorphic.atlassian.net/wik...mcat+JDBCRealm) looks like:
1) Login with name/passwd in a UserDatabaseRealm protected Tomcat Webapp (SmartClient Re-login enabled, but that shouldn't matter)
2) Tomcat checks the credentials using DB-connection given in Tomcat's server.xml
3) SmartGWT app loads with credentials supplied in the SmartGWT's server.properties file
I'd like to replace 3) with
3) SmartGWT app loads with credentials supplied by the user during login.
This would mean that for every user there must exist an Oracle User/Schema, but it would make it easier to log user access and actions on Oracle level and to use Oracle's GRANTs more granular.
Is that possible? Searching in the forums I found http://forums.smartclient.com/showthread.php?t=22195, which *might* be related to this, but is about something else.
Thank you,
Blama
I was wondering with the following scenario is possible with SmartGWT:
To be protected in the best possible way in a "Bobby Tables :)"/SQL Injection situation (which of course shouldn't happen with SmartGWT, but just in case) or to enforce business rules, I thought if it is possible to have the SmartGWT App impersonate itself against the DB with user provided credentials.
The current process (as described in https://isomorphic.atlassian.net/wik...mcat+JDBCRealm) looks like:
1) Login with name/passwd in a UserDatabaseRealm protected Tomcat Webapp (SmartClient Re-login enabled, but that shouldn't matter)
2) Tomcat checks the credentials using DB-connection given in Tomcat's server.xml
3) SmartGWT app loads with credentials supplied in the SmartGWT's server.properties file
I'd like to replace 3) with
3) SmartGWT app loads with credentials supplied by the user during login.
This would mean that for every user there must exist an Oracle User/Schema, but it would make it easier to log user access and actions on Oracle level and to use Oracle's GRANTs more granular.
Is that possible? Searching in the forums I found http://forums.smartclient.com/showthread.php?t=22195, which *might* be related to this, but is about something else.
Thank you,
Blama
Comment