>From: [EMAIL PROTECTED] (Will Hartung) > > I've setup a JDBCRealm for Tomcat using MySQL. It works OK > > but the database schema is not good for an ASP (application > > service provider) model. For example, I would like several > > companies to use the same webapp (each company should not > > know of the other's existence) and each should be able to > > create a user 'admin' and a user 'david' but in the way that > > JDBCRealm is currently configured only one instance of any > > user name is possible since it is the primary key in the users > > table. Is there a better way to do this ? > >I'm not familiar enough with MySQL, but I'll toss this out. > >Since you can configure your Realms on a Webapp basis, that may give you >the >flexibility you need. > >For example, if you were using, say, Oracle, or most any other database >that >has a concept of User ownership for its tables (most DBs do, MySQL may do >this, I don't know), you could set up seperate Users or Schemas in the >database for each Client Webapp. This way, each client would have access to >their own versions of the tables. You would distinguish the realms by each >having their own login to the client database with a client specific >username/password for the database.
Yes, but this adds complexity due to different table names for different clients. I like to keep things simple. So, I can do what you suggest except with different databases (running on the same MySQL instance) for different customers and webapps. That's my current setup. >If you'd rather share the tables (for whatever reason), perhaps you could >make views on a master table that's limited by the client id. I do prefer to share the tables. The reason is that you can easily set up new clients and customers without restarting Tomcat. Better yet, users can register and sign-up themselves, something that's not possible if I have to set up a different database for them, with its own JNDI resource configuration in server.xml >These views would be placed in the appropriate client schemas and shadow >the >master table in a central schema. Something like CREATE VIEW >CLIENT1.USERS(user_name, user_pass, user_goupid) AS SELECT user_name, >user_pass, user-groupid FROM MASTER.USERS WHERE CLIENTID = 'CLIENT1'. I'll have to investigate this use of views. It's something I'd never considered before and looks very useful. >Finally, if you look at >$CATALINA_HOME/src/share/org/apache/cataline/realm/JDBCRealm.java, it looks >pretty darn simple to tweak that to do whatever you want, or, better, to >subclass and change the relevant methods (not many from the looks of it). >The only fear here is that the TC team can change JDBCRealm behind your >back >in a later release. I'd much rather avoid something this drastic. It would be better for me to write a filter and use custom authentication I believe. >Stick the pertinent webapp specific entries into ENV-ENTRY, and you can do >all sorts of scary things I would think. Thank you, Soefara. _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
