On Tue, 4 Sep 2001, Jim Cheesman wrote:
> Date: Tue, 04 Sep 2001 09:10:06 +0200
> From: Jim Cheesman <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: Limits on the size of the web.xml file?
>
>
> >
> >Consider that you might have the mailboxes for a particular user defined
> >in a database table called "mailboxes", with columns "username" and
> >"mailboxname". It would be easy to construct an SQL statement like this:
> >
> > select mailboxname from mailboxes
> > where username = xxx
> >
> >and replace xxx by the value returned from request.getRemoteUser(). This
> >would allow the user access *only* to his or her own mailboxes.
>
> Assuming, of course, that your users are using the same machine / login id
> - not necessarily the case in, for example, a university with shared
> machines...
>
Why would you need to make this assumption?
The "username" we are talking about here is the one stored in something
like JDBCRealm for the servlet container -- it need not (and probably
should not) have anything to do with logon ids on the actual servers. It
would actually be the set of users that have subscribed to the mailbox
service, in this particular use case.
In a distributed environment, all the servlet containers would be talking
to the same database (or mirrors of the same database), so they would see
identical sets of valid users, no matter which server your particular
session got assigned to.
>
> Still, you're going to need to do something like that.
>
>
Craig
