Security Model

Security for the generated application is managed in the seperately provided JGSEC Manager Application and Database.

The Tomcat server must be configured to use JGSEC for user authentication.

The Tomcat Realm is setup as

The security model uses the Tomcat server login security as a basis, and extends it with row level access control.

The Tomcat security details are derived from the access definitions in the JGSEC Manager. The JGSEC Manager is seperate to the generated application. It is possible to create users and groups to manage the security of the generated application[s], without them having to have access to the generated application[s].

The view vw_tomcatusergrouplookup is defined as

Group access is determined by the following view :

Submitter access is determined by the following view :

User Group membership is determined by the following view :

    Every servlet by type is deployed to a specific URL. These are listed in the web.xml for the deployed application :

    If a table definition is set with PUBLICACCESS = TRUE, it will be deployed to the /public URL, where any user may access it.

    When a URL is accessed, the first user authorisation check is performed by the Tomcat server, according to the defined URL access per User.

    If the user passes Tomcat user validation, the requested servlet then determines what row level control to apply to the user.