I'm looking into creating a membership management system for a society that I belong to .. and I would like to know what my login management options are..
Dan, I've been looking into the message of "Wed, 23 Feb 2011 23:21:22 +0000", where you refer to replacing DomainObjectContainerDefault with a "MyDomainObjectContainer", which in turn overrides the getUser() method. Will this still work? I can't find most of the referenced classes, so I assume they've been renamed / moved since then... hmm and I can't subclass UserMemento as advised, as it is marked "final"... Mostly, I see that I have two options: The application always logs in with a dummy user, and I manage user accounts with "dummy" service methods that emulate login/logout. I would just need some mechanism to track wether a dummy login has occurred, and that the dummy logged in user must be available between server requests. I am already providing "hideXXX" methods to manage guest/normal/admin access to service methods. The other option is to use a real Isis authentication. The issue here is how do "new users" sign-on? Provide instructions with "login in first with user A".. then create an account application (using exposed service methods?) I know it's terrible for production use, but for prototyping, does the file- based authentication engine re-read the password file with every login? Can I use Isis to manually add new entries, that will be picked up immediately ? Regards, Kevin
