Subject: Re: More flexible JDBCRealm implementation 1 2 3 4 5 6 7 8 9 (for ASP-style webapp) From: "Vic C." <[EMAIL PROTECTED]> === That is a frequent need.
What is needed is the concept of "organization", a 3rd field in every db table. I know how to manualy code (using getuserpricipal and a bean) but nothing automatic I can think of. Vic Soefara Redzuan wrote: > I've setup a JDBCRealm for Tomcat using MySQL. It works OK > but the database schema is not good for an ASP (application > service provider) model. For example, I would like several > companies to use the same webapp (each company should not > know of the other's existence) and each should be able to > create a user 'admin' and a user 'david' but in the way that > JDBCRealm is currently configured only one instance of any > user name is possible since it is the primary key in the users > table. Is there a better way to do this ? > > I followed instructions found on many websites for setting up > a JDBCRealm. > > The table schema is > > create table user_groups ( > group_id int not null auto_increment, > group_name char(24), > parent_id int not null default -1, > primary key(group_id) > ); > > create table users ( > user_name varchar(32) not null, > user_pass varchar(32) not null, > user_groupid int not null default -1, > primary key(user_name) > ); > > create table user_roles ( > user_name varchar(15) not null, > role_name varchar(15) not null, > primary key (user_name, role_name) > ); > > And in Tomcat's server.xml I have this in the appropriate context, > > <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" > driverName="org.gjt.mm.mysql.Driver" > connectionURL="jdbc:mysql://servername/databasename" > userTable="users" userNameCol="user_name" userCredCol="user_pass" > userRoleTable="user_roles" roleNameCol="role_name"/> > > And finally this in the webapp's web.xml, > > <security-constraint> > <web-resource-collection> > <web-resource-name>ProtectedApp</web-resource-name> > <url-pattern>/*</url-pattern> > <http-method>POST</http-method> > <http-method>GET</http-method> > </web-resource-collection> > <auth-constraint> > <description>name the security roles that are allowed to > access</description> > <role-name>administrator</role-name> > <role-name>user</role-name> > </auth-constraint> > </security-constraint> > > The alternative is to set up a separate webapp for each > company that wishes to use our service but that really isn't > scalable and doesn't allow for users to self-register and > be up-and-running without administrator intervention. > > Has anybody solved this problem ? Thank you in advance, > > Soefara. > > > > > > _________________________________________________________________ > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>