I've set up a JDBCRealm for Tomcat using MySQL. It works OK
but the database schema is not good for an ASP (application
service provider) model. For example, I would like several
companies to use the same webapp (each company should not
know of the other's existence) and each should be able to
create a user 'admin' and a user 'david' but in the way that
JDBCRealm is currently configured only one instance of any
user name is possible since it is the primary key in the users
table. Is there a better way to do this?

I followed instructions found on many websites for setting up
a JDBCRealm.

The table schema is

create table user_groups (
    group_id int not null auto_increment,
    group_name char(24),
    parent_id int not null default -1,
    primary key(group_id)
    );

create table users (
  user_name     varchar(32) not null,
  user_pass     varchar(32) not null,
  user_groupid  int not null default -1,
  primary key(user_name)
);

create table user_roles (
  user_name         varchar(15) not null,
  role_name         varchar(15) not null,
  primary key (user_name, role_name)
);

And in Tomcat's server.xml I have this in the appropriate context,

  <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
          driverName="org.gjt.mm.mysql.Driver"
          connectionURL="jdbc:mysql://servername/databasename"
          userTable="users" userNameCol="user_name" userCredCol="user_pass"
          userRoleTable="user_roles" roleNameCol="role_name"/>

And finally this in the webapp's web.xml,

        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>ProtectedApp</web-resource-name>
                        <url-pattern>/*</url-pattern>
                        <http-method>POST</http-method>
                        <http-method>GET</http-method>
                </web-resource-collection>
                <auth-constraint>
                        <description>name the security roles that are allowed to access</description>
                        <role-name>administrator</role-name>
                        <role-name>user</role-name>
                </auth-constraint>
        </security-constraint>

The alternative is to set up a separate webapp for each
company that wishes to use our service but that really isn't
scalable and doesn't allow for users to self-register and
be up-and-running without administrator intervention.

Has anybody solved this problem? Thank you in advance,

Soefara.
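
One tenant-scoped layout for the tables in the question, as an added example that is not part of the original post and not Tomcat's own code. The company names, the `company_key/user_name` login convention and the `realm_users` / `realm_roles` views are assumptions, and SQLite stands in for MySQL so the sketch runs offline.

```python
import sqlite3

# Constructed tenant-scoped schema. SQLite stands in for MySQL (which uses CONCAT(), not ||).
SCHEMA = """
create table companies (
  company_id   integer primary key,
  -- '/' is the login separator, so it must never appear inside a key
  company_key  varchar(16) not null unique check (company_key not like '%/%')
);
create table users (
  company_id  int not null references companies(company_id),
  user_name   varchar(32) not null,
  user_pass   varchar(32) not null,
  primary key (company_id, user_name)
);
create table user_roles (
  company_id  int not null,
  user_name   varchar(32) not null,
  role_name   varchar(15) not null,
  primary key (company_id, user_name, role_name)
);
-- Hypothetical views: one unique login column, 'company_key/user_name'.
create view realm_users as
  select c.company_key || '/' || u.user_name as login_name, u.user_pass
  from users u join companies c on c.company_id = u.company_id;
create view realm_roles as
  select c.company_key || '/' || r.user_name as login_name, r.role_name
  from user_roles r join companies c on c.company_id = r.company_id;
"""

def build_db():
    """Load the schema with constructed sample rows for two companies."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("insert into companies values (?, ?)", [(1, "acme"), (2, "globex")])
    db.executemany("insert into users values (?, ?, ?)", [
        (1, "admin", "pw-acme"), (2, "admin", "pw-globex"), (2, "david", "pw-david")])
    db.executemany("insert into user_roles values (?, ?, ?)", [
        (1, "admin", "administrator"), (2, "admin", "administrator"), (2, "david", "user")])
    return db

def realm_lookup(db, login_name):
    """Credential and roles for one login, each found by a single-column match."""
    cred = db.execute("select user_pass from realm_users where login_name = ?",
                      (login_name,)).fetchone()
    roles = [r[0] for r in db.execute(
        "select role_name from realm_roles where login_name = ? order by role_name",
        (login_name,))]
    return (cred[0] if cred else None, roles)
```

With this layout the realm's `userTable` and `userRoleTable` would point at the two views and `userNameCol` at `login_name`, on the assumption that the realm only reads from them.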




