Re: Torque Security Service

[Wei He]

In ExtendedUser class you provide.  E.g.

In the shcema, I have

<table name="DEPARTMENT" idMethod="native">
  <column name="ID" type="NUMERIC" size="18,0" primaryKey="true" 
required="true" autoIncrement="true"/>
    ......
</table>

<table name="DB_USER" idMethod="idbroker">
  <column name="USER_ID", primaryKey="true" required="true" 
autoIncrement="true"/>
   ....
   ...
   ....
  <column name="DEPARTMENT_ID" type="NUMERIC" size="18,0" required="true"/>
  <foreign-key foreignTable="DEPARTMENT"/>
    <reference local="DEPARTMENT_ID" foreign="ID"/>
  </foreign-key>
</table>

In the ExtendedUser.java

   /**
     * Get department id.
     *
     * @return A BigDecimal contains department id.
     *
     */
    public BigDecimal getDepartmentId()
    {
        return ((DbUser) getPersistentObj()).getDepartmentId();
    }
    /**
     * Set department id.
     *
     * @param departmentid - A BigDecimal contains department id.
     *
     */
    public void setDepartmentId(BigDecimal departmentid)
    {
        try
        {
            ((DbUser) getPersistentObj()).setDepartmentId(departmentid);
        }
        catch (Exception e)
        {
            log.debug("Set department id failed:", e);
        }
    }
you can do as many as FKs as you wish as long as they appear before your
DB_USER table in the schema file.
The rest of the instruction is in Henning's post 
(http://www.mail-archive.com/[EMAIL PROTECTED]/msg12645.html). 
 Please go through what he has outlined there. You will have a much 
better idea how this works.

The user_id is INTEGER when using idbroker, I guess if you define the 
user_id method differently in building Turbine-2.3, you may be able to 
use other types for USER_ID.  I did not try that. But idbroker works 
just fine unless you have two apps using the same DB.  Then you have to
do some id management on the DB server. I use Oracle 8i and 9i BTW.

Wei

oron ogdan wrote:

for some functionality we need the org.apache.turbine.om.security.User
interface, like for asking ExtnededUser.isConfirmed(), and for other cases
we need the torque chain generated class, what am I missing ?
If I want to extend the user functionality and fields but also let it
participate in foreign table relationships
i.e. SomeTorqueObject.setOwnedBy(SomeExtendedUser) ...
???

-----Original Message-----
From: Wei He [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2003 12:07 PM
To: Turbine Developers List
Subject: Re: Torque Security Service


The detail was further illustrated in several other posts from Henning:

http://www.mail-archive.com/[EMAIL PROTECTED]/msg12645.html
http://www.mail-archive.com/[EMAIL PROTECTED]/msg12663.html
I followed these instructions, it works ery well. I ended up having only
one schema file for all the tables (total of 94) for conveniences
because of FK linking to other Turbine tables.
Thanks for the great work, guys. Looking forward to seeing 2.3 final
release. I have being using the dev in the HEAD for a few months in a
beta environment, I have not discovered any problem yet.
Wei

Henning P. Schmiedehausen wrote:

Scott Eade <[EMAIL PROTECTED]> writes:



1. When I define the structure of CUSTOM_USER I want to do this
in the project schema file rather than the turbine schema file
so that I can have foreign keys to CUSTOM_USER.  As a result I
will pretty much move everything from the turbine schema file
into my project's schema file (in order to have all of the
foreign-key references).  Unlike in the past where I would
define a table as an alias of TurbineUser I should no longer
bother with this and just configure turbine to use the om
classes generated for my project.  Is this correct?


Yes. The fact that Torque cannot generate foreign key references to
tables which are not defined in the same schema is unfortunate (I have
a project with currently 79 tables... ) but a torque limitation.



2. In "The elegant way" part of the Torque Security Service
page we have:

public class CustomUser extends TorqueUser
Can you please clarify which class is extending what - I
assume when I generate my project om I will have CustomUser
extending BaseCustomUser extending BaseObject.  Which specific
TorqueUser class is being extended and by which specific class.


This is two-layered.

There is the Torque generated stuff:

DATABASE_USER  ---> DatabaseUser, DatabaseUserPeer, BaseDatabaseUser,
BaseDatabaseUserPeer

Those classes do _not_ implement the necessary Security Object
Interfaces (like User, Group, Role, Permission). So there is a layer
in between which uses reflection to transfer fields from the database
peers into our security objects. These objects are TorqueUser,
TorqueGroup, TorquePermission, TorqueRole. If you use just the
"normal" fields, you're done here. You configure the Security Service
to return the Torque<xxx> objects and the TorqueSecurityService
automagically maps all the needed information from the Torque
generated peers.
Now, if you want to use custom columns, you must extend the objects
implementing

the Security interfaces. These are the Torque<xxx> objects:

package de.intermeta.application.security;

import org.apache.turbine.services.security.torque.TorqueUser;

public class ExtendedUser extends TorqueUser
{
...
}
This is still an object which implements "User". You configure the
SecurityService (!)  to return objects of this type as User objects:
services.SecurityService.user.class =
de.intermeta.application.security.ExtendedUser

Note that this is the Security Service itself! Not the
TorqueSecurityService!

Your custom user is then responsible to map the additional columns
onto the underlying database peer object.
E.g. if you use

<table name="CUSTOM_USER" idMethod="idbroker">
[... turbine stuff ...]
   <column name="TELEPHONE" size="32" type="VARCHAR" javaName="Phone" />
</table>
as your database peer, you get

CUSTOM_USER  ---> CustomUser, CustomUserPeer, BaseCustomUser,
BaseCustomUserPeer

and you configure the TorqueSecurityService to use this as peer:

services.SecurityService.torque.userPeer.class = CustomUserPeer

public class ExtendedUser extends TorqueUser
{
 public String getPhone()
 {
   return ((CustomUser) getPersistentObj()).getPhone();
 }
getPersistentObj() gets the underlying Torque object, which is a
CustomUser object (because we configured the TSS to use it as peer
objects), so we can cast it. Then we can simply call getPhone() and
return the value.
The "ExtendedUser" is an adapter between the Torque based objects and
the security service objects (which must implement the Security
Service interfaces).
Clearer now? I fixed some bugs in the torque-security-service.xml
docs, too.
        Regards
                Henning


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]