We have developed a web application with our own user/group schema.
Creating a UserManager to map our schema seems pretty trivial. What we are
NOT clear on is how to tell Orion that a particular user has logged in.
For example, we start our application with a LOGIN.JSP page, which accepts
user name/password, and proceeds to find the user in the database. After
the user is found/authenticated, we create an HTTP session, and store a
certain User object in the session to tell us who the user is on the next
http request.
How do we introduce J2EE security into this picture. In other words, how do
we tell Orion which user is logged on so that it starts using the security
attributes/group/rights of the deployment descriptors? Do we need to put a
special attribute into the HTTPSession so that Orion knows on behalf of what
user the request is running?
Thanks.
-AP_
