This message is being sent on the behalf of Ernie Phelps at parts.com since it keeps
rejecting his mails:)
------------------------------
I am having difficulties getting a custom user manager to work. Here are the steps I
have taken:
Implemented User (as TMUser)
Implemented Group (as TMGroup)
Extended AbstractUserManager (as TMUserManager)
Added the following to orion-application.xml:
<user-manager class="com.trademotion.security.TMUserManager"/>
<namespace-access>
<read-access>
<namespace-resource root="">
<security-role-mapping name="<jndi-user-role>">
<group name="administrators" />
</security-role-mapping>
<security-role-mapping name="sr_guest">
<group name="ug_default" />
</security-role-mapping>
</namespace-resource>
</read-access>
<write-access>
<namespace-resource root="">
<security-role-mapping name="<jndi-user-role>">
<group name="administrators" />
</security-role-mapping>
<security-role-mapping name="sr_guest">
<group name="ug_default" />
</security-role-mapping>
</namespace-resource>
</write-access>
</namespace-access>
Added the following to web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Main</web-resource-name>
<url-pattern>/*</url-pattern>
<url-pattern>/list.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>sr_guest</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>TM</realm-name>
</login-config>
<security-role>
<role-name>sr_guest</role-name>
</security-role>
Here is the result:
1. I start Orion. It calls TMUserManager Init.
2. I start the browser, direct it to my controller. It pops the basic
authentication dialog. I enter username and password. TMUserManager.getUser is called.
TMUser.authenticate is called and returns true.
3. The basic authentication dialog pops again. This happens 3 times then fails.
Any idea what I am missing here? I feel I have missed something basic, but can't put
my finger on it. TIA,
- Ernie
------------
Michael A Third
Chief Software Architect
Parts.com
