I want group based security in my application. However I don't understand how to use it.
Looking at the two different database schemas from the appendix, I got some questions. Am I supposed to extend the group_members table with password, enabled, first name etc? Or am I supposed to have another table named for instance user which hold this info? If I need, why do I need the group_member table?
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/appendix-schema.html
It is not compulsory to use group table. you can also use single or two table for authentication. Refer the following link for reference.
http://www.mkyong.com/spring-security/spring-security-form-login-using-database/
Related
I am creating CRUD application for customer . and he asked me to allow him to create new Fields in a form (database columns) without restarting the application server. which JPA implementation should I use (hibernate , eclipselink ,openjpa)
to accomplish this task and how it will be done?
Please don't change the database schema at runtime.
Assuming, you would add a column to a table. Then you have to add a field in your entity class, too. And the mapping. So you not only have to change a Java class at runtime, at next application start, you must add this field again. No JPA implementation can do that.
Of course, you can use plain JDBC. And instead of entity classes with concrete fields you can use something like a map for your dynamic fields. But you should adapt all your SQL queries according to the presence of dynamic fields. So you need a way to store the information, which dynamic fields are already created. You can do this with another table or use the table meta information. Additionally you have to manage user defined field names. E.g you should avoid SQL keywords, there is a maximum field name length, etc.
Or you can step back and rethink your approach. You have a requirement: Static given fields in a form and the possibility to create dynamic fields.
Why not adapt your data model to that requirement? A data model which is able to handle dynamic form fields. Such flexible datamodel wouldn't need dynamic SQL table field creation. (And JPA can handle that, too.)
The simplest example would be a table with two columns. One for the field name and one for the value (as string). Maybe a third one to identify the type.
Another alternative would be to use a NoSQL database system like a key value store or a document oriented database.
I need to set a limit on how many items a user can add to an order. I therefore wish to have an additional field in my users table (an integer) specifying that limit. I can add the field easily enough, with an alter table statement, but how can I access the new field in my code?
An alternative solution could be to add several roles, one for each limit I need, but that seems unnecessarily cumbersome.
I'm using Jetty 8.1.5 and JDBCLoginService, and I don't have much experience with Jetty at all.
The users table for the JDBCLoginService is not designed for that.
Your requirements have outgrown the role of JDBCLoginService (minimal identity store for authentication).
You'll need to establish a custom LoginService of your own, that will access the Database schemas of your choice, and then you can reuse that same database via the traditional JNDI and DataSource access found in Java Web Containers.
We are developing a new web application. one of the most basic requirement is to audit all entities changes into a separate table.
We would like to use DB triggers for that purpose.
We use MySQL as our RDMBS.
The problem we now foresee is that whenever a trigger is pulled, and insert a new entry for the DB, it cant possibly know the (applicative) user that made the change. (all users have different ids, but spring uses a single user account for the db manipulations.)
Any ideas how to resolve this issue?
We resolved the issue by adding a field to all tables that are being audited of the userId, and on each CRUD operation we made it mandatory to provide it. (for system business logic we use id=0). this way our audit table are being populated with the id itself to be monitored.
We inherit a database and we need to do an API to communicate with it. We are considering the possibility to use JPA / Hibernate, but there is maybe a blocking constraint.
To facilitate maintenance, our predecessors have split a table into multiple with a business parameter.
So, there are some tables named ELEMENT_xxx where xxx is a specific name.
Is it possible to make a JPA entity with a constructor which take the specific name in parameter and then allow to query on the right table?
Thank you
PS:
If not, i think the solution could be to create an entity for each table. But we don't know how many tables they have, and we understood that they can create new.
Kind of a higher level question here.I've got a web application that is fairly simple. There are three seperate "objects" in the application. A Filter, an Authorization, and a Job. Each Job has to have a Filter and an Authorization to run.
Now a user of this application can create any of these objects and they are all linked to that specific user. Now however, the requirements state that they'd like to implement sharing. So a user can share their created items with other users. Honestly I'm just not sure of the best method to implement such a feature and am hoping someone can provide some ideas.
In the DB, each record has a user column that identifies the user who created it. I initially thought of adding a shareUser column, but that wouldn't really work since each record could be shared with multiple users. I'm just not sure the best way to tie these all together. Do I need an entirely new table in the DB that link's users to shared records?
Any thoughts on this would be appreciated. Thank you.
Yes, you do need a new table for each type of record you need to be "owned". You should use cross reference tables for this case.
something like:
userFilter
- userId
- filterId
If a user can only share a record they exist, you should have a createdByUserId column on the particular table.