Question about Tomcat Authentication

Hi i am trying to develop a web application using MVC architecture, but am having a problem.

I have two different types of users who will have access to different funcionality within the system. They will both need to login to the system before getting access to their own parts of the application.

Would Tomcat Authentication using a database work for this type of requirement? or would i be better of handling the login system my self?

It sounds like using Tomcat Realms might be sufficient, but sometimes only during the actual implementation does it transpire that they're not. If all you ever need to know about a user are his user name, and whether or not he has been assigned certain roles, then it should be sufficient.

Ulf Dittmer wrote:It sounds like using Tomcat Realms might be sufficient, but sometimes only during the actual implementation does it transpire that they're not. If all you ever need to know about a user are his user name, and whether or not he has been assigned certain roles, then it should be sufficient.

One of the types of users is student and i will have a student class. So when a student is removed from the system i will need to delete the corresponding user in the realm.Same for the other user type (Staff). I was thinking i could use a foriegn key in the classes that points to their username in the realm table.

Its hard to work out this stuff when ive never created a web application. I guess il just have to start implementing and hope i havn't made any big mistakes in design.

That sounds doable. See the documentation of the JDBCRealm (or DataSourceRealm) for the requirements the DB tables need to satisfy in order to be usable from within a Realm.

Ulf Dittmer wrote:That sounds doable. See the documentation of the JDBCRealm (or DataSourceRealm) for the requirements the DB tables need to satisfy in order to be usable from within a Realm.

Ok. Thanks for the advice.