Discussion: how to manage users of web-app
Hi all, I am pretty new to several technologies here. So I am not sure
where to go with my question. I am implementing a web based application
with servlets, JSP, and JDBC. Here is the plan:

1. System will have a user, 'admin,' who can use the web-application's
JSPs, servlets, and JDBC to add and remove members, who are application
users with data maintained on the system.

2. members, through the web app, enter data that is theirs, other members,
except maybe admin aren't to change their data.

3. the web app will also offer the general public access (display only) to
membership data by categories. i.e. across all members, if the member
provided data for the requested category, include the data in the response.

Now here is the question, should I set up a member/password table and manage
the member access through my database or can I/should I use postgres user
accounts somehow? This sounds like a pretty typical need. Is there some
reading I need to do? Where?

Sam Deel
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Everybody's got to believe in something, I believe I'll have another beer...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This isn't the right forum, but anyways... you have two options here.
Tomcat has database authentication built in, or you can do it manually.
You will want to set up a table, not use the postgres users table, this is
a BAD idea.

Dave

You should use container-managed security, which is defined in the
Servlet specification, to deal with users' access rights. The nice
thing is that most containers (including our beloved Tomcat) can be
told to load users' profiles from any kind of database (including our
beloved PostgreSQL), which is officially Pretty Cool TM.

Here is a snippet of my server.xml:

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="org.postgresql.Driver"
       connectionURL="jdbc:postgresql://localhost/db_name"
       connectionName="user"
       connectionPassword="password"
       digest="MD5"
       userTable="awas_user" userNameCol="email" userCredCol="password"
       userRoleTable="awas_user_role" roleNameCol="user_role" />

However, this isn't strictly related to PostgreSQL, so you should try to
learn how your container performs this kind of thing.

Best Regards
David Garnier
--
Website: http://dgarnier.etudier-online.com
PGP key: http://www.davidgarnier.com/public_gpg_key.txt