You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by jmuller <je...@gmail.com> on 2007/09/21 15:14:42 UTC

Re: Authentication and authorization questions


Christopher Schultz-2 wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> ...
>> How can you use JDBCRealm or DataSourceRealm with [numeric] foreign keys
>> from roles
>> table to user table, rather than requiring the roles table to duplicate
>> whatever field (e.g. username, email address) will actually be entered
>> into
>> the login screen?
> 
> You can't. You'd have to write your own Realm implementation.
> 
>> I ask because using simple text-matching rather than using
>> the primary key of the user table seems a bit inefficient
> 
> Are you sure about that? You might want to do a performance test on your
> database. You're likely to find that string matching is /very/ fast,
> especially if you have the columns indexed (and you really should).
> 
>> but more
>> importantly it may be disallowed from data standards in some
>> organizations.
> ...
> 

Hello,
I've got the same problem of a foreign key with 3 tables (generated by
hibernate) for user and roles:
- one UserTable with id, name and password,
- one RoleTable with id and name
- one RelationTable with userId and roleId

I've written my own DataSourceRealm that overwrite Tomcat's one, and put the
jar in server/lib.
It only overwrites the getRoles() method to change the SQL statement. See
source here:  http://www.nabble.com/file/p12820411/DataSourceRealm.java
DataSourceRealm.java  (free to use/modify/comment) !
-- 
View this message in context: http://www.nabble.com/Authentication-and-authorization-questions-tf4345698.html#a12820411
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Authentication and authorization questions

Posted by Christopher Schultz <ch...@christopherschultz.net>.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jean,

jmuller wrote:
> I've written my own DataSourceRealm that overwrite Tomcat's one, and put the
> jar in server/lib.
> It only overwrites the getRoles() method to change the SQL statement. See
> source here:  http://www.nabble.com/file/p12820411/DataSourceRealm.java
> DataSourceRealm.java  (free to use/modify/comment) !

I do have one comment:

>         finally {
>             try {
>                 if (rs != null) {
>                     rs.close();
>                 }
>                 if (stmt != null) {
>                     stmt.close();
>                 }
>             } catch (SQLException e) {
>                     containerLog.error(
>                         sm.getString("dataSourceRealm.getRoles.exception",
>                                      username));
>             }
>         }
>  

I could use separate try/catch blocks for each close() call... you
wouldn't want the ResultSet.close call to fail and then never call
Statement.close().

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG8/6i9CaO5/Lv0PARAgTPAJ9se1N5+CdC42qnfgEYzJHDj1EAPACgn9uO
1Kuy4n+S/wTnDppdyE3bMKQ=
=53g3
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Authentication and authorization questions

Posted by jmuller <je...@gmail.com>.

I talk about hibernate because of the model, not hibernate. My problem was
the use of userName as the foreign key in role table : my (generated
standard) model is made with 3 tables and ids as foreign keys, which is not
compatible with DataSourceRealm 2 tables model.


mgainty wrote:
> 
> possible OpenSessionInViewFilter problem
> which version hibernate are you implementing with?
> 
> M--
> ----- Original Message -----
> From: "jmuller" <je...@gmail.com>
> To: <us...@tomcat.apache.org>
> Sent: Friday, September 21, 2007 9:14 AM
> Subject: Re: Authentication and authorization questions
> 
> 
>>
>>
>> Christopher Schultz-2 wrote:
>> >
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > ...
>> >> How can you use JDBCRealm or DataSourceRealm with [numeric] foreign
> keys
>> >> from roles
>> >> table to user table, rather than requiring the roles table to
>> duplicate
>> >> whatever field (e.g. username, email address) will actually be entered
>> >> into
>> >> the login screen?
>> >
>> > You can't. You'd have to write your own Realm implementation.
>> >
>> >> I ask because using simple text-matching rather than using
>> >> the primary key of the user table seems a bit inefficient
>> >
>> > Are you sure about that? You might want to do a performance test on
>> your
>> > database. You're likely to find that string matching is /very/ fast,
>> > especially if you have the columns indexed (and you really should).
>> >
>> >> but more
>> >> importantly it may be disallowed from data standards in some
>> >> organizations.
>> > ...
>> >
>>
>> Hello,
>> I've got the same problem of a foreign key with 3 tables (generated by
>> hibernate) for user and roles:
>> - one UserTable with id, name and password,
>> - one RoleTable with id and name
>> - one RelationTable with userId and roleId
>>
>> I've written my own DataSourceRealm that overwrite Tomcat's one, and put
> the
>> jar in server/lib.
>> It only overwrites the getRoles() method to change the SQL statement. See
>> source here:  http://www.nabble.com/file/p12820411/DataSourceRealm.java
>> DataSourceRealm.java  (free to use/modify/comment) !
>> --
>> View this message in context:
> http://www.nabble.com/Authentication-and-authorization-questions-tf4345698.h
> tml#a12820411
>> Sent from the Tomcat - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Authentication-and-authorization-questions-tf4345698.html#a12824172
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org