
Re: catalog-level security

Tennessee Leeuwenburg wrote:
Tomcat authentication would be fine, indeed I think preferable. Eventually, we want to tie it back to an LDAP server with a GUI interface. I had envisioned using the roles/users in tomcat, set up to authenticate with an LDAP server.

You can use LDAP in a Tomcat server. The book by Moczar has a section on it. Caveat - I haven't done it.

However, "what I need" is a way to restrict data access to authorised users -- such as paying clients, classified material, research partners etc. I would like something which is based on LDAP, because we can run many of our other systems also using LDAP. That way, we can have a central user database.

In the meantime, is there any way to do catalog-level security?

Sort of, you can restrict specific resources like a specific catalog URL by modifying the web.xml. The problem is, can you also restrict the data URLs? I guess yes, if you're able to keep all the restricted URLs under a particular URL path. This isn't as good as an integrated solution that I hope to get to sooner than later.

Probably best to get another resource like the Moczar book ("Tomcat 5 Unleashed") and study it some. My knowledge of this topic is still pretty limited.

Cheers, -T

John Caron wrote:

Hi Tennessee:

I have been playing around with dataset-level security, but I haven't completed anything yet. My idea is to just use Tomcat authentication. I can send you more details later. What are your requirements?

Tennessee Leeuwenburg wrote:


We would like to implement catalog (or even dataset) level security on our external server. I'm unsure how to do this. I understand how to secure a particular web application, but I don't want to run a separate server instance for every single user!

Is there a recommended way?
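
The web.xml approach discussed in this thread, as an added example that is not part of the original messages or of the project's own configuration: one security constraint covering both a restricted catalog path and the data path that catalog points to. The URL paths, the role name and the realm name are hypothetical placeholders.

```xml
<!-- Added example: fragment for the web application's WEB-INF/web.xml.
     All URL paths and the role name below are hypothetical. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restricted catalogs and data</web-resource-name>
    <!-- The restricted catalog documents -->
    <url-pattern>/catalog/restricted/*</url-pattern>
    <!-- The data access URLs those catalogs reference. If this pattern
         is missing, hiding the catalog does not protect the data:
         anyone who knows a data URL can still fetch it. -->
    <url-pattern>/data/restricted/*</url-pattern>
    <!-- No <http-method> elements, so the constraint applies to every
         HTTP method rather than only the ones listed. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Only users holding this role may access the paths above -->
    <role-name>restrictedDataUser</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC credentials are only base64-encoded, so require TLS -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Restricted datasets</realm-name>
</login-config>

<security-role>
  <role-name>restrictedDataUser</role-name>
</security-role>
```

Users and roles are resolved by whichever Realm Tomcat is configured with, so moving from Tomcat's file-based users to an LDAP-backed realm does not change this fragment.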


NOTE: All email exchanges with Unidata User Support are recorded in the Unidata inquiry tracking system and then made publicly available through the web. If you do not want to have your interactions made available in this way, you must let us know in each email you send to us.