Hi I'm trying to learn authentication and authorization within a web application, and I think I know the basic stuff an maybe a bit more. I just read the Tomcat howto guide on realm, and especially data source realm.
But I think their data base example is a bit strange. They have a table user_roles that consists of a user_name and a role_name. The odd thing is, these fields are not foreign keys, but varchars! This is really not good database design. What if I for some reason want to change a username? I should only have to change the username field in the users table. The same thing goes with the rolename, although a changed rolename would a demand a change in the authorization code within the web application, but as far as the database is concerned I should only have to make the change in a single table. I would like something like this: create table users ( user_id int not null primary key, user_name varchar(15) not null, user_pass varchar(15) not null, ); create table roles ( role_id int not null primary key, role_name varchar(15) not null, ); create table user_roles ( user_roles_id int not null primary key, user_id int not null, role_id int not null, ); Is this possible? I still want to use the built in authentication and authorization. If it is possible, how do I configure it in tomcat? http://tomcat.apache.org/tomcat-5.0-doc/realm-howto.html#DataSourceRealm Regards /Jimi --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]