We have included powerful security features in Instant JChem, but have tried to ensure that this only manifests itself when necessary and is not too invasive. For instance, when using a local database it is logical that you should have full control over the database, so security features should not get in the way of you doing your work. But when working with a multi-user database it obviously makes sense to provide some form of access control to ensure that there are controls on which operations each user can perform, and prevent one user's modifications from conflicting with other users' - after all we want to avoid mid-air collisions!
Each Instant JChem Schema has its own security settings, allowing you to define appropriate security settings as needed.
Instant JChem security is based on the security implementation of the Spring Framework. Spring Security (formerly known as Acegi) provides a robust, flexible and well tested security framework that can be used by applications like Instant JChem, without needing to reinvent the wheel. Its full power lies in the ability to configure Instant JChem according to your own particular security needs, rather than imposing any particular security model on you.
Flexibility is great, but Instant JChem also comes with a number of standard security templates that can be used out of the box with no or minimal customisation. This allows you to quickly configure security in your multi-user databases.
Standard security templates
Instant JChem currently comes with these security configuration templates:
Anonymous authentication: for use with local databases or single user remote databases. Under this security model, you are automatically logged in with full access rights and you would not notice that any security was in place unless you read this!
Username/password file: for use where you need a very simple way to provide access control, but security is not a high concern. Username and passwords are stored in plain text within the security configuration file which in stored inside the particular Instant JChem database.
Authentication within the Instant JChem database: Usernames and passwords are stored in special Instant JChem database tables. Passwords are encrypted, and a mechanism for managing users and passwords is provided. This is a better solution where security is a concern.
Authentication using database accounts: Each user has their own usernames and password for the database and once connected to the database that username is used as their IJC username.
Authentication using LDAP: Usernames and passwords are stored on an external server and accessed using Lightweight Directory Access Protocol. This is most appropriate if you already have a large amount of user information available on a server and do not wish to duplicate this information within IJC.
Authentication using Microsoft Active Directory: Active Directory is Microsoft's way of doing LDAP. Using this approach allows you users to use the same username and password that they use to log in to Windows. In most aspects its identical to LDAP, but the configuration is slightly different.
One the key benefits of using the Spring Security implementation is its flexibility. This will allow the security configuration of Instant JChem to be configured according to your needs. It should be possible to configure Instant JChem according to your needs with relatively minor customisation. This should allow you to configure Instant JChem against your own security architecture (Database, LDAP, Active Directory, single sign on solutions...). Please contact us for more information if you wish to investigate these options.