Hi Ignacio, I don't see how views will solve this problem. I'm not so much concerned with reading user and role data as I am with updating it. Somehow the two tables need to be linked by some common identifier. The current JDBRealm assumes that identifier is the username. My concern with this is that if a user decides to change his username from iganciojortega to ignacio_j_ortega, I'd also have to change the corresponding records in the roles table and any other table that uses username as a foreign key. This is needlessly error-prone. It requires the developer to track and code for every single such dependency. Instead, I prefer to make the keys be some value that a user will never even know about. So, for example, I would add an 'id' column to each table that serves as the primary key. The roles table would have a foreign key that would contain the value of the id column in the users table. That id would never change, no matter what else changed in the users table.
My changes are backwards-compatible. Even if you choose not to design your tables the way I do, you can still leave your data alone and set the userPrimaryKeyCol and userForeignKeyCol to have the same value as userNameCol. In that case, everything will work as it did before. thanks john gregg -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g]On Behalf Of Ignacio J. Ortega Sent: Tuesday, March 05, 2002 2:45 AM To: 'Tomcat Developers List'; '[EMAIL PROTECTED]' Subject: RE: [PATCH] change JDBCRealm to add flexibility in table layout Why do not use simply a views, instead of real tables..?? This way you doesnt need to do any changes in JDBCRealm to be able to use whatever column you like to join roles and users tables.. ( that seems what you are looking for , arent you?) If more is needed please explain why.. perhaps i dont understand fully what you need .. And sure, the view method will not work with mysql ( doesnt have views afaik ).., but will for postgress AFAIK.. Saludos , Ignacio J. Ortega -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>