• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Using DatabaseServerLoginModule of JBoss

 
Meg Adal
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am developing a login page for a website where username,pwd are in database.I am using DatabaseServerLoginModule with FORM-Based authentication.

If we use DatabaseServerLoginModule, we need 2 tables
1. For Principal i.e. table with username,pwd say Users.
2. For Roles i.e. table with username,role,rolegroup.

In my case we don't have this Roles tables.
so I twisted the "roleQuery" entry in <application-policy> in login-config.xml and hardcoded the role

So basically I am using DatabaseServerLoginModule only for authentication but not for autherization.

My question :
Which once will be faster
using DatabaseServerLoginModule or
Adding new class to validate the password from database.

Thanks in advance.
[ July 20, 2005: Message edited by: Meg Adal ]
 
norman richards
Author
Ranch Hand
Posts: 367
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I may be forgetting about a configuration option somewhere, but a custom module would definitely work. You'd probably only need to override one or two methods so it wouldn't be much to write.

I wouldn't worry about it though. One extra query at login won't impact your performance. JBoss caches the credentials so it doesn't need to check on every request. I'm willing to bet it's not even in your top 25 performance optimizations for the app.
 
Meg Adal
Ranch Hand
Posts: 70
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Norman for the reply.

You got my point
I was little skeptical about the extra query for "Roles" in case of DatabaseServerLoginModule (which is not needed for our login page as we don't have roles).

So I have following 2 optoins :
1. Customize DatabaseServerLoginModule (which will execute 2 queries one on Users table and other on Roles table )
OR
2. Don't use DatabaseServerLoginModule at all but define Servlet to query
Users table only.
[ July 21, 2005: Message edited by: Meg Adal ]
 
norman richards
Author
Ranch Hand
Posts: 367
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Option 3 is to create a custom login module which extends DatabaseServerLoginmodule and overrides the roles query to return a static set of roles. This shouldn't be more than 20-30 lines of code.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic