Thank you for the reply Vic.

>From: "Vic C." <[EMAIL PROTECTED]>
>That is a frequent need.
>
>What is needed is the concept of "organization", a 3rd field in every db
>table.

Yes, I've done something like that too. But have therefore found that the Tomcat out-the-box JDBCRealm setup (using server.xml, web.xml as I described below) is not flexible in any way. So it looks like I too will have to use a manual authentication which I had hoped to avoid in the name of standardization. Oh well.

>I know how to manually code (using getUserPrincipal and a bean) but
>nothing automatic I can think of.

Why use getUserPrincipal? I thought we were supposed to use request.getRemoteUser()? Also, may I ask what you mean by "a bean" for this? I really like to design code (including JavaBeans) so that they will run in standalone applications, as well as in the servlet container environment. Is it possible to design an authentication mechanism that is not dependent upon the servlet container (e.g. Tomcat)?

Soefara.

>Vic
>
>Soefara Redzuan wrote:
> > I've set up a JDBCRealm for Tomcat using MySQL. It works OK
> > but the database schema is not good for an ASP (application
> > service provider) model. For example, I would like several
> > companies to use the same webapp (each company should not
> > know of the other's existence) and each should be able to
> > create a user 'admin' and a user 'david' but in the way that
> > JDBCRealm is currently configured only one instance of any
> > user name is possible since it is the primary key in the users
> > table. Is there a better way to do this?
> >
> > I followed instructions found on many websites for setting up
> > a JDBCRealm.
> >
> > The table schema is
> >
> > create table user_groups (
> >   group_id int not null auto_increment,
> >   group_name char(24),
> >   parent_id int not null default -1,
> >   primary key(group_id)
> > );
> >
> > create table users (
> >   user_name varchar(32) not null,
> >   user_pass varchar(32) not null,
> >   user_groupid int not null default -1,
> >   primary key(user_name)
> > );
> >
> > create table user_roles (
> >   user_name varchar(15) not null,
> >   role_name varchar(15) not null,
> >   primary key (user_name, role_name)
> > );
> >
> > And in Tomcat's server.xml I have this in the appropriate context,
> >
> > <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
> >        driverName="org.gjt.mm.mysql.Driver"
> >        connectionURL="jdbc:mysql://servername/databasename"
> >        userTable="users" userNameCol="user_name" userCredCol="user_pass"
> >        userRoleTable="user_roles" roleNameCol="role_name"/>
> >
> > And finally this in the webapp's web.xml,
> >
> > <security-constraint>
> >   <web-resource-collection>
> >     <web-resource-name>ProtectedApp</web-resource-name>
> >     <url-pattern>/*</url-pattern>
> >     <http-method>POST</http-method>
> >     <http-method>GET</http-method>
> >   </web-resource-collection>
> >   <auth-constraint>
> >     <description>name the security roles that are allowed to access</description>
> >     <role-name>administrator</role-name>
> >     <role-name>user</role-name>
> >   </auth-constraint>
> > </security-constraint>
> >
> > The alternative is to set up a separate webapp for each
> > company that wishes to use our service but that really isn't
> > scalable and doesn't allow for users to self-register and
> > be up-and-running without administrator intervention.
> >
> > Has anybody solved this problem? Thank you in advance,
> >
> > Soefara.
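The "organization" field suggested in the thread, worked through as an added example (not code from the thread or from Tomcat): both tables are keyed on the organization plus the user name, and the login check is a plain function with no servlet-container dependency. It uses Python with an in-memory SQLite database so it runs stand-alone; the column names org, salt and pass_hash, the PBKDF2 password hashing and the sample companies are assumptions.

```python
import hashlib, hmac, os, sqlite3

# Assumed schema: the thread's tables with an organization column added to each.
SCHEMA = """
create table users (
  org       text not null,
  user_name text not null,
  salt      blob not null,
  pass_hash blob not null,
  primary key (org, user_name)            -- unique per organization only
);
create table user_roles (
  org       text not null,
  user_name text not null,
  role_name text not null,
  primary key (org, user_name, role_name),
  foreign key (org, user_name) references users(org, user_name)
);
"""

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_user(db, org, user, password, roles):
    salt = os.urandom(16)
    db.execute("insert into users values (?,?,?,?)", (org, user, salt, pw_hash(password, salt)))
    db.executemany("insert into user_roles values (?,?,?)",
                   [(org, user, r) for r in roles])

def authenticate(db, org, user, password):
    """Return the user's roles inside org, or None if the login fails."""
    row = db.execute("select salt, pass_hash from users"
                     " where org = ? and user_name = ?", (org, user)).fetchone()
    salt, stored = row or (b"\0" * 16, b"")
    # Hash even for unknown users so both failure paths do the same work.
    if not hmac.compare_digest(pw_hash(password, salt), stored):
        return None
    roles = db.execute("select role_name from user_roles"
                       " where org = ? and user_name = ?", (org, user))
    return {r[0] for r in roles}

def demo_db():
    """Constructed sample data: two companies, each with its own 'admin'."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    add_user(db, "acme", "admin", "acme-secret", ["administrator"])
    add_user(db, "globex", "admin", "globex-secret", ["administrator", "user"])
    add_user(db, "globex", "david", "david-pw", ["user"])
    return db
```

Every query filters on the organization as well as the user name, so one company's 'admin' password or roles never satisfy a login for another company.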