There should be a tutorial arriving for this 'shortly', however in the
meantime this should be enough to get you going:
Implement the UserManager, User, and Group classes. (for example,
MyUserManager, MyUser, MyGroup).
The UserManager probably just needs to look like this for now:
public class MyUserManager extends AbstractUserManager {
public User getUser(String userName) {
if (userName == null)
return null;
return new MyUser(userName);
}
public Group getGroup(String groupName) {
if (groupName == null)
return null;
return new MyGroup(groupName);
}
}
You may need to implement some of the other methods too depending on your
requirements, but that should be a good start.
For the MyUser class, just implementing the constructor, authenticate() and
isMemberOf() should be enough for starters:
public class MyUser implements User {
private String username;
public MyUser(String username) {
this.username = username;
}
public boolean authenticate(String password) {
if (username == null)
return false;
// Lookup the user 'username', and compare the password supplied
// with their real password (possibly using a password hashing
function).
// ...
return ((password != null) && (password.equals(realPassword)));
}
public boolean isMemberOf(Group group) {
if (username == null)
return false;
// Do whatever you need to do to see if the user is in the group,
// and return true or false accordingly. Eg, find the username and
// the groupname as a matching pair in a user<->group mapping table.
}
}
The Group class can be very simple, for example as a minimum you can get
away with:
public class MyGroup implements Group {
String groupname;
public MyGroup(String groupname) {
this.groupname = groupname;
}
public String getName() {
return groupName;
}
}
Now you need to set up your orion-application.xml and web.xml files as per
the <orion>/docs/orion-application-xml.html and <orion>/docs/web-xml.html
files.
Eg, add to orion-application.xml your role->group mappings, eg:
<security-role-mapping name="sr_editor">
<group name="editor" />
</security-role-mapping>
and the the UserManager class, eg:
<user-manager class="com.mycompany.security.MyUserManager">
</user-manager>
In web.xml, add your <security-constraint> tags, the <login-config>, and
your <security-role> tags. There are examples of these tags that come with
orion I think, plus there's the docs, so you should be able to figure this
out easily enough. As a tip, start with BASIC authentication, and change it
to form based or whatever once that is working properly.
That's about it (well, as far as I can remember, there could be a couple of
other minor steps?).
Anyway, orion will now see that a protected resource has been asked for
(because of the <security-constraint> tags), and know to create an instance
of your UserManager class (thanks to the <user-manager> tag). It will use
this to get a User and a Group, and will attempt to authenticate that the
user falls into the correct group (which in turn maps to the correct role).
Apologies for any typo's/errors in the above, I've bashed it out pretty
quickly, but it should definitely point you in the right direction. Good
luck!
----- Original Message -----
From: "Christian Sell" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Sent: Tuesday, October 17, 2000 10:54 AM
Subject: custom user management
> Hi there,
>
> I want to customize orions authentication mechanism to use an existing
user
> database. So far, I understand that I have to create my own UserManager
> class and register it in orion-application.xml. What I dont understand is:
>
> - how do I access the user manager at runtime (e.g., to create users)
> - how do I perform programmatical login (bypassing the login-config from
> web.xml, e.g. from a home page with a login field)
>
> any hints, URLs?
>
> TIA,
> Christian
>
>
>
