In my web-application, prior to Orion, I was using Apache with JServ and
GNUjsp - as were many of you I assume! Under that setup, my security
consisted of redirecting users to a login.jsp file or servlet. This file or
servlet would present a form prompting for an email address and password
(there were also links for registering users, and requesting forgotten
passwords) With Orion, it was pretty easy to get the server to redirect to
the login form or servlet for the protected resources, but once there I am
finding difficulty in communicating the user info between the server and my
application.
When a user logs in, I not only get what groups he/she belongs to, but I
also store the User ID and their Name in session variables to help customize
their website experience. With JServ, I would perform the authorization in
the login.jsp page, and that would retrieve the User ID and Name and store
these variables in the session [session.putValue(String name, Object
value)]. I could then always substitute these values in the pages/responses
when needed.
Basically, I assume with J2EE, I should use a Session Bean to store info
about a user's session, but how can I link the server authorization
(DataSourceUserManager) to a session bean? This also requires an Entity
Bean for logging info such as storing the last time that a user logged-in.
If using the DataSourceUserManager how do I notify the server that I have
authorized this user, or, conversely, once the server has authorized a user,
how can I get that user's info - such as User ID - from the server?
Thanks,
Jeremy Pierson
