You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by jmuller <je...@gmail.com> on 2007/09/21 15:14:42 UTC
Re: Authentication and authorization questions
Christopher Schultz-2 wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> ...
>> How can you use JDBCRealm or DataSourceRealm with [numeric] foreign keys
>> from roles
>> table to user table, rather than requiring the roles table to duplicate
>> whatever field (e.g. username, email address) will actually be entered
>> into
>> the login screen?
>
> You can't. You'd have to write your own Realm implementation.
>
>> I ask because using simple text-matching rather than using
>> the primary key of the user table seems a bit inefficient
>
> Are you sure about that? You might want to do a performance test on your
> database. You're likely to find that string matching is /very/ fast,
> especially if you have the columns indexed (and you really should).
>
>> but more
>> importantly it may be disallowed from data standards in some
>> organizations.
> ...
>
Hello,
I've got the same problem of a foreign key with 3 tables (generated by
hibernate) for user and roles:
- one UserTable with id, name and password,
- one RoleTable with id and name
- one RelationTable with userId and roleId
I've written my own DataSourceRealm that overwrite Tomcat's one, and put the
jar in server/lib.
It only overwrites the getRoles() method to change the SQL statement. See
source here: http://www.nabble.com/file/p12820411/DataSourceRealm.java
DataSourceRealm.java (free to use/modify/comment) !
--
View this message in context: http://www.nabble.com/Authentication-and-authorization-questions-tf4345698.html#a12820411
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Authentication and authorization questions
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jean,
jmuller wrote:
> I've written my own DataSourceRealm that overwrite Tomcat's one, and put the
> jar in server/lib.
> It only overwrites the getRoles() method to change the SQL statement. See
> source here: http://www.nabble.com/file/p12820411/DataSourceRealm.java
> DataSourceRealm.java (free to use/modify/comment) !
I do have one comment:
> finally {
> try {
> if (rs != null) {
> rs.close();
> }
> if (stmt != null) {
> stmt.close();
> }
> } catch (SQLException e) {
> containerLog.error(
> sm.getString("dataSourceRealm.getRoles.exception",
> username));
> }
> }
>
I could use separate try/catch blocks for each close() call... you
wouldn't want the ResultSet.close call to fail and then never call
Statement.close().
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG8/6i9CaO5/Lv0PARAgTPAJ9se1N5+CdC42qnfgEYzJHDj1EAPACgn9uO
1Kuy4n+S/wTnDppdyE3bMKQ=
=53g3
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Authentication and authorization questions
Posted by jmuller <je...@gmail.com>.
I talk about hibernate because of the model, not hibernate. My problem was
the use of userName as the foreign key in role table : my (generated
standard) model is made with 3 tables and ids as foreign keys, which is not
compatible with DataSourceRealm 2 tables model.
mgainty wrote:
>
> possible OpenSessionInViewFilter problem
> which version hibernate are you implementing with?
>
> M--
> ----- Original Message -----
> From: "jmuller" <je...@gmail.com>
> To: <us...@tomcat.apache.org>
> Sent: Friday, September 21, 2007 9:14 AM
> Subject: Re: Authentication and authorization questions
>
>
>>
>>
>> Christopher Schultz-2 wrote:
>> >
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > ...
>> >> How can you use JDBCRealm or DataSourceRealm with [numeric] foreign
> keys
>> >> from roles
>> >> table to user table, rather than requiring the roles table to
>> duplicate
>> >> whatever field (e.g. username, email address) will actually be entered
>> >> into
>> >> the login screen?
>> >
>> > You can't. You'd have to write your own Realm implementation.
>> >
>> >> I ask because using simple text-matching rather than using
>> >> the primary key of the user table seems a bit inefficient
>> >
>> > Are you sure about that? You might want to do a performance test on
>> your
>> > database. You're likely to find that string matching is /very/ fast,
>> > especially if you have the columns indexed (and you really should).
>> >
>> >> but more
>> >> importantly it may be disallowed from data standards in some
>> >> organizations.
>> > ...
>> >
>>
>> Hello,
>> I've got the same problem of a foreign key with 3 tables (generated by
>> hibernate) for user and roles:
>> - one UserTable with id, name and password,
>> - one RoleTable with id and name
>> - one RelationTable with userId and roleId
>>
>> I've written my own DataSourceRealm that overwrite Tomcat's one, and put
> the
>> jar in server/lib.
>> It only overwrites the getRoles() method to change the SQL statement. See
>> source here: http://www.nabble.com/file/p12820411/DataSourceRealm.java
>> DataSourceRealm.java (free to use/modify/comment) !
>> --
>> View this message in context:
> http://www.nabble.com/Authentication-and-authorization-questions-tf4345698.h
> tml#a12820411
>> Sent from the Tomcat - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Authentication-and-authorization-questions-tf4345698.html#a12824172
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org