Again, I am not sure if your JSP page can even make this call. I have only
ever used it in the container in a session bean. I seem to remember not being
able to lookup the RoleManager from my servlet. I think you would have to have
every SB method call this. Which is why I suggested using the InitialContext
approach, which is portable across servers, and I think it scales better. Alas,
it is pre-empted by a bug in Orion in that servlets don't properly initialize
the credentials on the first (or in my case, all) use.
tim.
> Tim, this IS what I am looking for, but does it mean that I need to put this
> into every .JSP page that I have? Then, somehow (according to J2EE spec)
> Orion will forward this information to all EJB calls and properly make use
> of the deployment descriptor stuff? So every .JSP page will check the
> session, find the User object which I stored in there, and execute this call
> with the user.login and user.password?
>
> Thanks.
> -AP_
>
> -----Original Message-----
> From: Tim Endres [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 13, 2001 3:04 PM
> To: Orion-Interest
> Cc: Alex Paransky
> Subject: Re: How to enable UserManager support for arbitrary user...
>
>
> Is this what you are looking for?
>
> RoleManager roleMgr = (RoleManager)
> (new InitialContext()).lookup( "java:comp/RoleManager" );
> roleMgr.login( "user", "pass" );
>
> Unfortunately, I think that can only run in the container. To accomodate
> multiple logins under a servlet, we used to use a new InitialContext on
> every servlet request and set the appropriate JNDI properties for each
> InitialContext construction.
>
> tim.
>
> > We have developed a web application with our own user/group schema.
> > Creating a UserManager to map our schema seems pretty trivial. What we
> are
> > NOT clear on is how to tell Orion that a particular user has logged in.
> >
> > For example, we start our application with a LOGIN.JSP page, which accepts
> > user name/password, and proceeds to find the user in the database. After
> > the user is found/authenticated, we create an HTTP session, and store a
> > certain User object in the session to tell us who the user is on the next
> > http request.
> >
> > How do we introduce J2EE security into this picture. In other words, how
> do
> > we tell Orion which user is logged on so that it starts using the security
> > attributes/group/rights of the deployment descriptors? Do we need to put
> a
> > special attribute into the HTTPSession so that Orion knows on behalf of
> what
> > user the request is running?
> >
> > Thanks.
> > -AP_
> >
> >
>
>
