Ah sorry, now I see what your problem is. I assume you're trying to
automatically log someone in if they have cookies?

I've never tried it, but I can't see why you couldn't submit the form
parameters yourself for form-based authentication.
i.e. when the <form-login-page> is called, it is actually a JSP page or
servlet that reads the cookie values and posts the j_username/j_password
automatically rather than returning to the client for the values. Sounds
like it might work? If you try this I'd be interested in knowing the
outcome!

Hope this helps.

----- Original Message -----
From: "Christian Sell" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Sent: Tuesday, October 17, 2000 4:22 PM
Subject: Re: custom user management


> Chris,
>
> thanks a lot for your extensive explanation! However, one of my problems
> seems to remain (unless I missed something in your mail). As I mentioned, I
> want to programmatically perform the login from my main portal page and
> prevent orion from bringing up the login form (or login popup for BASIC
> auth). I do want to keep the security-constraints and have orion perform
> automatic authentication in case a user directly accesses any of the
> protected pages.
>
> This means that after programmatical login I need to enter some information
> into the session object (or anywhere else) to notify orion that login has
> already been performed. JRun, for example, keeps an AuthenticatedPrincipal
> in the session (although it is undocumented under what attribute name).
>
> Hints? Am I missing something?
>
> thanks, Christian
>
> -----Original Message-----
> From: Chris Miller <[EMAIL PROTECTED]>
> To: Orion-Interest <[EMAIL PROTECTED]>
> Date: Tuesday, 17 October 2000 16:44
> Subject: Re: custom user management
>
>
> >There should be a tutorial arriving for this 'shortly', however in the
> >meantime this should be enough to get you going:
> >
> >Implement the UserManager, User, and Group classes. (for example,
> >MyUserManager, MyUser, MyGroup).
> >
> >The UserManager probably just needs to look like this for now:
> >
> >public class MyUserManager extends AbstractUserManager {
> >    public User getUser(String userName) {
> >        if (userName == null)
> >            return null;
> >        return new MyUser(userName);
> >    }
> >
> >    public Group getGroup(String groupName) {
> >        if (groupName == null)
> >            return null;
> >        return new MyGroup(groupName);
> >    }
> >}
> >
> >You may need to implement some of the other methods too depending on your
> >requirements, but that should be a good start.
> >
> >
> >For the MyUser class, just implementing the constructor, authenticate() and
> >isMemberOf() should be enough for starters:
> >
> >public class MyUser implements User {
> >
> >  private String username;
> >
> >  public MyUser(String username) {
> >    this.username = username;
> >  }
> >
> >  public boolean authenticate(String password) {
> >    if (username == null)
> >      return false;
> >    // Lookup the user 'username', and compare the password supplied
> >    // with their real password (possibly using a password hashing
> >    // function).
> >    // ...
> >    String realPassword = null; // placeholder: load from your user store
> >    return ((password != null) && (password.equals(realPassword)));
> >  }
> >
> >  public boolean isMemberOf(Group group) {
> >    if (username == null)
> >      return false;
> >    // Do whatever you need to do to see if the user is in the group,
> >    // and return true or false accordingly. Eg, find the username and
> >    // the groupname as a matching pair in a user<->group mapping table.
> >    return false; // placeholder: deny until the lookup is implemented
> >  }
> >}
> >
> >
> >The Group class can be very simple, for example as a minimum you can get
> >away with:
> >
> >public class MyGroup implements Group {
> >  String groupname;
> >
> >  public MyGroup(String groupname) {
> >    this.groupname = groupname;
> >  }
> >
> >  public String getName() {
> >    return groupname;
> >  }
> >}
> >
> >
> >Now you need to set up your orion-application.xml and web.xml files as per
> >the <orion>/docs/orion-application-xml.html and <orion>/docs/web-xml.html
> >files.
> >
> >Eg, add to orion-application.xml your role->group mappings, eg:
> >    <security-role-mapping name="sr_editor">
> >        <group name="editor" />
> >    </security-role-mapping>
> >
> >and the UserManager class, eg:
> >    <user-manager class="com.mycompany.security.MyUserManager">
> >    </user-manager>
> >
> >In web.xml, add your <security-constraint> tags, the <login-config>, and
> >your <security-role> tags. There are examples of these tags that come with
> >orion I think, plus there's the docs, so you should be able to figure this
> >out easily enough. As a tip, start with BASIC authentication, and change it
> >to form based or whatever once that is working properly.
> >
> >That's about it (well, as far as I can remember, there could be a couple of
> >other minor steps?).
> >Anyway, orion will now see that a protected resource has been asked for
> >(because of the <security-constraint> tags), and know to create an instance
> >of your UserManager class (thanks to the <user-manager> tag). It will use
> >this to get a User and a Group, and will attempt to authenticate that the
> >user falls into the correct group (which in turn maps to the correct role).
> >
> >Apologies for any typos/errors in the above, I've bashed it out pretty
> >quickly, but it should definitely point you in the right direction. Good
> >luck!
> >
> >
> >----- Original Message -----
> >From: "Christian Sell" <[EMAIL PROTECTED]>
> >To: "Orion-Interest" <[EMAIL PROTECTED]>
> >Sent: Tuesday, October 17, 2000 10:54 AM
> >Subject: custom user management
> >
> >
> >> Hi there,
> >>
> >> I want to customize Orion's authentication mechanism to use an existing user
> >> database. So far, I understand that I have to create my own UserManager
> >> class and register it in orion-application.xml. What I don't understand is:
> >>
> >> - how do I access the user manager at runtime (e.g., to create users)
> >> - how do I perform programmatical login (bypassing the login-config from
> >> web.xml, e.g. from a home page with a login field)
> >>
> >> any hints, URLs?
> >>
> >> TIA,
> >> Christian
> >>
> >>
> >>
> >
> >
>
>
>
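
The quoted authenticate() sketch compares the supplied password with a stored one and mentions a password hashing function as an option. As an added example (not from the thread and not Orion code), this is one way to do that check against a salted PBKDF2 hash with a constant-time comparison; the class name PasswordCheck, its methods, the iteration count and the sample record are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Hypothetical helper for a custom User.authenticate(); not part of Orion's API. */
public class PasswordCheck {
    private static final int ITERATIONS = 210_000; // assumed work factor; tune for your hardware
    private static final int KEY_BITS = 256;

    /** Derives a PBKDF2-HMAC-SHA256 hash. Store the salt and this hash, never the password. */
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        KeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                               .generateSecret(spec).getEncoded();
    }

    /** Fails closed: a null password, a missing record or any crypto error denies the login. */
    static boolean verify(String supplied, byte[] salt, byte[] storedHash) {
        if (supplied == null || salt == null || storedHash == null)
            return false;
        try {
            byte[] candidate = hash(supplied.toCharArray(), salt);
            // MessageDigest.isEqual compares in constant time, unlike String.equals
            return MessageDigest.isEqual(candidate, storedHash);
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample record standing in for a row in the existing user database
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] stored = hash("correct horse".toCharArray(), salt);

        System.out.println("matching password: " + verify("correct horse", salt, stored));
        System.out.println("wrong password:    " + verify("wrong", salt, stored));
        System.out.println("null password:     " + verify(null, salt, stored));
        System.out.println("unknown user:      " + verify("correct horse", null, null));
    }
}
```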

