I am writing a web application in Java that has two different types of users, Student & Staff. I want one centralized login for all users, but Students must view a different page from teachers. The way I currently implement this is by using one login form, taking the username & password and running two queries, one on the student table and one on the staff table. If I get a successful response from the user table then I log the user in to the student page; otherwise I query the teacher table, and if I get a successful result I log in to the Teachers page; otherwise I give an error message that the username and password is invalid. What I would like to know is how I can improve this. Is doing just one query possible? I don’t mind editing the database to facilitate this.
This is too open-ended for a definitive answer, but it’s common to separate authentication from authorization.
One approach to doing this is to have a table of users and a table of roles, with the user table handling authentication and the role table controlling authorization. A user is associated with a role (or maybe even multiple roles) by a join table.
With this approach, login does a query against only the user table to determine that a person is a valid user, and other parts of the application query the role or roles associated with the logged-in user to determine whether access to a specific function is allowed.
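A schema and queries for the user/role/join-table layout described in the answer above, as an added example that is not part of the original answer. All table names, column names and sample rows are assumptions made for illustration; the last query goes slightly beyond the answer by fetching the credential and the roles in one round trip, which is what the question asked about.

```sql
-- Authentication data: one row per person, student or staff alike.
CREATE TABLE users (
    user_id       INTEGER      PRIMARY KEY,
    username      VARCHAR(64)  NOT NULL UNIQUE,
    password_hash VARCHAR(255) NOT NULL  -- salted password hash, never the plaintext
);

-- Authorization data: the roles the application knows about.
CREATE TABLE roles (
    role_id   INTEGER     PRIMARY KEY,
    role_name VARCHAR(32) NOT NULL UNIQUE
);

-- Join table: a user may hold one role or several.
CREATE TABLE user_roles (
    user_id INTEGER NOT NULL REFERENCES users (user_id),
    role_id INTEGER NOT NULL REFERENCES roles (role_id),
    PRIMARY KEY (user_id, role_id)
);

-- Constructed sample rows.
INSERT INTO roles (role_id, role_name) VALUES (1, 'STUDENT'), (2, 'STAFF');
INSERT INTO users (user_id, username, password_hash) VALUES
    (1, 'alice', '<hash-placeholder>'),
    (2, 'bob',   '<hash-placeholder>');
INSERT INTO user_roles (user_id, role_id) VALUES (1, 1), (2, 2);

-- Authentication: a single query against users only. Bind the username as a
-- parameter (a PreparedStatement in Java) and verify the submitted password
-- against password_hash in application code, not in the WHERE clause.
SELECT user_id, password_hash
FROM users
WHERE username = ?;

-- Authorization: roles of the already authenticated user, checked wherever
-- the application decides which page or function is allowed.
SELECT r.role_name
FROM user_roles ur
JOIN roles r ON r.role_id = ur.role_id
WHERE ur.user_id = ?;

-- Variant: credential and roles in one round trip. LEFT JOIN keeps a user who
-- has no role yet, so "unknown user" and "no role" stay distinguishable.
SELECT u.user_id, u.password_hash, r.role_name
FROM users u
LEFT JOIN user_roles ur ON ur.user_id = u.user_id
LEFT JOIN roles r ON r.role_id = ur.role_id
WHERE u.username = ?;
```

The login page decision then depends on the returned `role_name` rather than on which table matched, and the role check should be repeated on each protected page instead of being made only at login.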