问题
Part A: Role vs RoleGroup
Can someone explain the difference between a Role and a RoleGroup in the jboss DatabaseServerLoginModule? I'm confused after looking at the examples in the JBoss 6 documentation
One area of confusion is when they describe the logical tables the user to role mapping table has three columns:
Table Principals(PrincipalID text, Password text)
Table Roles(PrincipalID text, Role text, RoleGroup text)
But the example they offer only uses two columns:
CREATE TABLE Users(username VARCHAR(64) PRIMARY KEY, passwd VARCHAR(64))
CREATE TABLE UserRoles(username VARCHAR(64), userRoles VARCHAR(32))
Is the two columns a typo or can I use the two column user to role mapping table that I am more familiar with and the query creating two columns from a single source column userRoles and now the Roles and RoleGroup will now be the same for this app.
BTW - In traditional jdbcRealm authentication in Glassfish 3 and the earlier jBoss3 it a simple one to many relationship and there is a user_group table where usernames are mapped to the group names.
Part B: The rolesQuery
Does this query need to be revised from:
select userRoles, 'Roles' from UserRoles where username=?
to this:
select userRoles, userRoles as 'Roles' from UserRoles where username=?
In order to function on the UserRoles table or is it okay as it is?
Part C: Mapping the web.xml
In the web.xml will I be constraining resources the userRoles or the Roles column?
回答1:
I was able to get my login working so now I can provide a decent answer to Part B:
Certainly do not need to revise the query. JBoss 6 specifically expects at two column result set where a table will be constructed where username (or principal) matches '?' and the first column will be the group that user is in and the second column is just the entry "Roles".
It is JBoss specific and an example of backing table would be:
username | groupid
--------------
james | admin
james | users
james | backupadmin
admin | admin
and a result set when the username james attempts to login for the rolesQuery would be:
col1 | col2
--------------
admin | Roles
users | Roles
backupadmin | Roles
来源:https://stackoverflow.com/questions/11302397/role-vs-rolegroup-in-jboss-databaseserverloginmodule