First, I'd love to redirect you to Orion-Interest mail list, however, the list has been out of operation for 3 months (the server broke... Yawl...). However, I can refer you to the archives for the list (luckily hosted elsewhere):
http://www.mail-archive.com/orion-interest%40orionserver.com/

Here's all there is on UserManagers:
http://www.mail-archive.com/cgi-bin/htsearch?method=and&format=short&config=orion-interest_orionserver_com&restrict=&exclude=&words=UserManager

Here's all my pieces on UserManagers:
http://www.mail-archive.com/cgi-bin/htsearch?method=and&format=short&config=orion-interest_orionserver_com&restrict=&exclude=&words=UserManager+Lorandi

Here's an interesting couple of articles in the list on the UserManagers topic:
http://www.mail-archive.com/[email protected]/msg08826.html
http://www.mail-archive.com/[email protected]/msg08795.html
http://www.mail-archive.com/[email protected]/msg08793.html
http://www.mail-archive.com/[email protected]/msg08795.html

I never used DataSourceUserManager, because my PoCs proved it didn't work well, as it doesn't allow complete flexibility in creating roles after deployment.

You'd also like to check out OSUser, a framework of UserManagers that is platform independent. It's available at:
http://www.opensymphony.com/

Since the original Orion tech support wasn't all that great (for "historical" reasons), three sites sprang up to provide support; Orion Support is completely free:
http://www.orionsupport.com

Here's their article on implementing a custom user manager, by Joe Walnes (he's part of the core OpenSymphony dev team):
http://www.orionsupport.com/articles/usermanager.html

Then, the other two sites handle some free support services (articles, mailing lists), and some services are given for a fee:
http://www.atlassian.com
http://www.elephantwalker.com/

And, of course, you can hire me to do it in less than 20 man hours ;-)....

Anyway, for free, here's a tip: implement your UserManager from scratch. It took me < 20 man hours, and I had lots of figuring out to do the first time I did it; it's soooooooooo easy, you'll tackle it in no time. But don't extend any class, not even AbstractUserManager...

HTH,

Juan Pablo Lorandi
Chief Software Architect
Code Foundry Ltd.
[EMAIL PROTECTED]

Barberstown, Straffan, Co. Kildare, Ireland.
Tel: +353-1-6012050 Fax: +353-1-6012051
Mobile: +353-86-2157900
www.codefoundry.com

> -----Original Message-----
> From: A mailing list for Enterprise JavaBeans development
> [mailto:[EMAIL PROTECTED]] On Behalf Of Karr, David
> Sent: Wednesday, August 28, 2002 8:51 PM
> To: [EMAIL PROTECTED]
> Subject: OC4J: Writing class derived from DataSourceUserManager
>
>
> In our application which we're building for OC4J, we need to
> validate users against our database "UserProfile" object, so
> it's logical to use the DataSourceUserManager class. We also
> have to write log events (into a database table) whenever
> there is a "login event" (login, logout, incorrect password,
> nonexistent user, etc.). Therefore, it seems logical to
> write a class derived from DataSourceUserManager, all of
> whose methods call the superclass methods (including
> "init()"), but which logs the results in a database table.
>
> I tried doing this, and I was able to compile it and set it
> up to be used by OC4J. When I started OC4J, it hit the
> breakpoint in the "init()" method of my subclass, and I
> verified the Properties list was what I set in the
> "application.xml" file (orion-application element). However,
> none of the other methods were used. I set breakpoints in
> all the methods of the subclass (all derived from the
> superclass), and none of them were hit when I tried to login
> to the application. The login attempt sent me to the login
> error page, but I'm not certain exactly what made that decision.
>
> I also tried writing a subclass of the "SimpleUserManager"
> class, which internally creates a DataSourceUserManager
> class, and uses the same set of properties, so I can pass
> them directly to the DSUM instance's "init()" method.
> However, I still have the same problem, in that the "init()"
> method gets called, but none of the validation methods are
> called when I try to log into the application.
>
> In case it matters, here is the excerpt from my "web.xml"
> which shows the security area, and the excerpt from my
> "application.xml" (the "orion" version, not the "j2ee"
> version) that shows the UserManager specification. I also
> include the "LoggingUserManager" class that I wrote.
>
> web.xml excerpt:
> -------------------
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>projname</web-resource-name>
>       <url-pattern>/main/*</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>analyst</role-name>
>       <role-name>administrator</role-name>
>     </auth-constraint>
>     <user-data-constraint>
>       <transport-guarantee>NONE</transport-guarantee>
>     </user-data-constraint>
>   </security-constraint>
>
>   <login-config>
>     <auth-method>FORM</auth-method>
>     <realm-name>Projname</realm-name>
>     <form-login-config>
>       <form-login-page>/login/login.jsp</form-login-page>
>       <form-error-page>/login/error.jsp</form-error-page>
>     </form-login-config>
>   </login-config>
>
>   <security-role>
>     <description>A user allowed to make administrative changes</description>
>     <role-name>administrator</role-name>
>   </security-role>
>
>   <security-role>
>     <description>Data Analyst</description>
>     <role-name>analyst</role-name>
>   </security-role>
> -------------------
>
> application.xml excerpt:
> -------------------
>   <user-manager class="....common.utils.LoggingUserManager">
>     <property name="table" value="UserProfileBean"/>
>     <property name="userNameField" value="userId"/>
>     <property name="passwordField" value="password"/>
>     <property name="dataSource" value="jdbc/OracleDS"/>
>     <property name="groupMembershipTableName" value="GroupMembershipBean"/>
>     <property name="groupMembershipGroupFieldName" value="groupName"/>
>     <property name="groupMembershipusernameFieldName" value="userId"/>
>   </user-manager>
>
>   <security-role-mapping name="administrator">
>     <group name="administrators"/>
>   </security-role-mapping>
>
>   <security-role-mapping name="analyst">
>     <group name="analysts"/>
>   </security-role-mapping>
>
>   <library path="C:\cygwin\home\c-dkarr\java\felix2\j2ee\oc4jConfig\build\felix-oc4jConfig.jar"/>
> -------------------
>
> LoggingUserManager.java (minus package and imports):
> -------------------
> public class LoggingUserManager extends SimpleUserManager
> {
>     private DataSourceUserManager dataSourceUserManager =
>         new DataSourceUserManager();
>
>     public void init(Properties properties)
>         throws InstantiationException
>     {
>         dataSourceUserManager.init(properties);
>     }
>
>     protected boolean userExists(String userId)
>     {
>         com.evermind.security.User user =
>             dataSourceUserManager.getUser(userId);
>         boolean result = (user != null);
>         System.out.println("userExists. userId[" + userId +
>                            "] result[" + result + "]");
>         return (result);
>     }
>
>     protected boolean checkPassword(String userId, String password)
>     {
>         com.evermind.security.User user =
>             dataSourceUserManager.getUser(userId);
>         boolean result = (user.authenticate(password));
>         System.out.println("checkPassword. userId[" + userId +
>                            "] password[" + password +
>                            "] result[" + result + "]");
>         return (result);
>     }
>
>     protected boolean inGroup(String userId, String groupName)
>     {
>         com.evermind.security.User user =
>             dataSourceUserManager.getUser(userId);
>         com.evermind.security.Group group =
>             dataSourceUserManager.getGroup(groupName);
>         boolean result = (user.isMemberOf(group));
>         System.out.println("inGroup. userId[" + userId +
>                            "] groupName[" + groupName +
>                            "] result[" + result + "]");
>         return (result);
>     }
> }
> -------------------
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and
> include in the body of the message "signoff EJB-INTEREST".
> For general help, send email to [EMAIL PROTECTED] and
> include in the body of the message "help".
> ===========================================================================
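
The login-event logging asked about in this thread, done by delegation instead of by subclassing, as an added example that is not code from either poster or from Orion/OC4J. CredentialStore, AuditSink, AuditingStore and the sample users are hypothetical names and constructed data; they do not reproduce the com.evermind.security API. Unlike the println calls in the posted class, it records the outcome but never the password, and it handles a nonexistent user without dereferencing a null user object.

```java
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

public class LoginAuditDemo {
    // Event kinds taken from the message: login, incorrect password, nonexistent user.
    enum Outcome { LOGIN_OK, INCORRECT_PASSWORD, NONEXISTENT_USER }
    // Hypothetical stand-in for the container's user store; not the com.evermind.security API.
    interface CredentialStore {
        boolean userExists(String userId);
        boolean checkPassword(String userId, String password);
    }
    // Hypothetical sink; in the scenario above it would INSERT a row through the DataSource.
    interface AuditSink { void record(Instant when, String userId, Outcome outcome); }
    static final class AuditingStore implements CredentialStore {
        private final CredentialStore delegate;
        private final AuditSink sink;
        AuditingStore(CredentialStore delegate, AuditSink sink) { this.delegate = delegate; this.sink = sink; }
        public boolean userExists(String userId) { return delegate.userExists(userId); }
        public boolean checkPassword(String userId, String password) {
            Outcome outcome;
            if (userId == null || !delegate.userExists(userId)) outcome = Outcome.NONEXISTENT_USER; // no null user dereference
            else if (delegate.checkPassword(userId, password)) outcome = Outcome.LOGIN_OK;
            else outcome = Outcome.INCORRECT_PASSWORD;
            sink.record(Instant.now(), clean(userId), outcome); // the password is never recorded
            return outcome == Outcome.LOGIN_OK;
        }
        // Replace control characters (CR/LF included) and cap the length so a user id cannot forge audit lines.
        static String clean(String s) {
            String t = (s == null) ? "" : s.replaceAll("\\p{Cntrl}", "_");
            return t.length() > 64 ? t.substring(0, 64) : t;
        }
    }

    public static void main(String[] args) {
        Map<String, String> users = Map.of("alice", "constructed-secret"); // constructed demo data only
        CredentialStore plain = new CredentialStore() {
            public boolean userExists(String u) { return users.containsKey(u); }
            public boolean checkPassword(String u, String p) { return p != null && p.equals(users.get(u)); }
        };
        List<String> rows = new ArrayList<>();
        CredentialStore audited = new AuditingStore(plain, (when, user, outcome) -> rows.add(when + " " + user + " " + outcome));
        audited.checkPassword("alice", "constructed-secret");
        audited.checkPassword("alice", "wrong");
        audited.checkPassword("nobody\nalice LOGIN_OK", "x"); // constructed id containing a newline
        rows.forEach(System.out::println);
    }
}
```

The audit table can distinguish NONEXISTENT_USER from INCORRECT_PASSWORD as long as the login error page shown to the client stays the same for both.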
