Hibernate 3.0


I have been able to run simple queries using hql on single databases. Today I have my first join and I am a bit lost.

I have two tables. User and Password. When a user logs into my site, I grab the username and password, and populate a bean called UserObject with the username, and password.

I want to be able to query the database using this "UserObject" and have that query do something like.

select u.* from
user u, password p
where username = 'u.getUsername()' and p.password = 'user.getPassword()'

If it finds the usrname, and password in the database, then it populates the bean, else it populates a invalid user method call or something like that.

I would like to do this the most OO way, and could use help on how to make a mapping that does this, and what type of query to use.

Thanks,

having the username and password in different tables doesn't seem like it would work

Creating a user table and a password table makes perfect sense. This allows expiration of passwords, and the ability to have the user create a "different" password than the last X(number).


I am sure hibernate can easily tackle this, and think your answer is the most pathetic I have seen.

I have honestly never heard of putting the password in a separate table as you can easliy have expiration of passwords and make sure they have different passwords with one table. I am a newbie to hibernate myself, but this is the basic idea behind usernames/passwords

// sql

create table user
(
userId int identity,
userName varchar(20),
password varchar(20),
passwordDate datetime,
primary key(userId)
)

// java

private UserDB udb = new UserDB(); // your database class
public User login(string userNameText, string passwordText)
{
try
{
User u = new User(userNameText, passwordText);
if (udb.login(u)) //requires database code
//login user

to require different passwords
public boolean changePassword(User u, string newPassword)
{
if(u.getPassword() == newPassword)
//not a valid new password

to expire passwords
SELECT * FROM Users WHERE passwordDate < getdate()-30

hope that helps,
cheers!

I thought my pathetic answer was a great question, because that query above would allow any user to use any password for validation

for simplicity's sake, I'd create a view with the join between the two tables which picks off the username and current password and has those two as the only two results. Map a simple POJO to that for checking if the user exists (valid user). This saves us from loading some unneeded data at this point.

Then, map a class for your user table and iff the user is validated, the application loads the user class with the user's data

no HQL or collections involed, just session.load commands, keeping the code and mappings simple


ofcourse, you can use collections and map a class to each table if you'd like/need to head down that route