Additionally, if you want more security, make your group and user views locked to a tomcat id (SQL login, that is). Then tomcat itself is locked out of other changes or looks into your SQL database.
-Tim
Frank Febbraro wrote:
What about the fact that the groupId column in User is called id in the Groups table, would it be a case of making another view to accomplish that translation too?
Besides creating views, which is easy, what are the other options here?
----- Original Message -----
From: "Shapira, Yoav" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Monday, December 08, 2003 10:48 AM
Subject: RE: More sophisticated JDBCRealm Security

Howdy,
The typical solution in many cases involving JDBCRealm is (if you don't want to customize the realm by coding) to create a view for use by the JDBC realm. In your case, you'd create a view on the user table where only active users are shown, and configure the JDBC realm to query this view rather than the user table.

Yoav Shapira
Millennium ChemInformatics
-----Original Message-----
From: Frank Febbraro [mailto:[EMAIL PROTECTED]
Sent: Monday, December 08, 2003 10:48 AM
To: Tomcat Users List
Subject: More sophisticated JDBCRealm Security
In looking through the docs I am surprised that I don't see a way to do some more "sophisticated" JDBCRealm security. I may just be looking in the wrong place or misreading something so please let me know if I am.

My DB tables are arranged as follows:
create table user (
    id BIGINT NOT NULL AUTO_INCREMENT,
    email VARCHAR(100) not null unique,
    groupId BIGINT not null,
    password VARCHAR(20) not null,
    active BIT,
    primary key (id)
);

create table groups (
    id BIGINT NOT NULL AUTO_INCREMENT,
    role VARCHAR(255) not null,
    primary key (id)
);
The email address is the "user login", password is obvious.
I would want something that would only let ACTIVE users log in (active = 1), and User.groupId maps to Groups.id field.
Using the standard JDBCRealm I do not see how this is possible. Would I actually have to create my own custom Realm implementation in order to achieve these goals?
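
The views and the locked-down login discussed in this thread, as an added example that is not part of the original messages: two views over the tables above expose only active users and resolve groupId to a role name, and a dedicated read-only account is the only login Tomcat gets. The view names, the appdb database name, the tomcat_realm account and the password placeholder are assumptions; the syntax is MySQL.

```sql
-- Added example (MySQL syntax). realm_users, realm_user_roles, appdb and
-- tomcat_realm are assumed names, not taken from the thread.
-- `user` and `groups` are backtick-quoted because GROUPS is a reserved
-- word in recent MySQL releases.

-- Authentication view: only active accounts are visible to the realm,
-- and the id, groupId and active columns are not exposed at all.
CREATE VIEW realm_users AS
SELECT email, password
FROM   `user`
WHERE  active = 1;

-- Role view: one row per (login, role). The join resolves
-- user.groupId -> groups.id, so no separate translation view is needed.
-- JDBCRealm uses the same user-name column in both tables, so this view
-- also carries the email column. Filtering on active here too keeps
-- roles from resolving for a deactivated account.
CREATE VIEW realm_user_roles AS
SELECT u.email, g.role
FROM   `user` u
JOIN   `groups` g ON g.id = u.groupId
WHERE  u.active = 1;

-- Dedicated login for Tomcat: SELECT only, and only on the two views.
-- It receives no privileges on the base tables.
CREATE USER 'tomcat_realm'@'localhost' IDENTIFIED BY 'CHANGE_ME'; -- placeholder
GRANT SELECT ON appdb.realm_users      TO 'tomcat_realm'@'localhost';
GRANT SELECT ON appdb.realm_user_roles TO 'tomcat_realm'@'localhost';

-- Review what the account can actually reach before wiring it into Tomcat.
SHOW GRANTS FOR 'tomcat_realm'@'localhost';

-- Matching JDBCRealm attributes for the <Realm> element in server.xml:
--   userTable="realm_users"           userNameCol="email"
--   userCredCol="password"
--   userRoleTable="realm_user_roles"  roleNameCol="role"
--   connectionName="tomcat_realm"     connectionPassword="CHANGE_ME"
```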