Hello,
I have a problem with the Custom User Manager that I am using. The
application server that I am using is Orion 1.5.2 (WinNT) and the Custom
user manager is a class com.orionsupport.security.SimpleUserManager. I
downloaded this class from Orion website and it asked me to extends this
(SimpleUserManager) abstract class and implement three methods namely
protected abstract boolean userExists( String username );
protected abstract boolean checkPassword( String username, String
password );
protected abstract boolean inGroup( String username, String groupname );
Then in my specify in OrionApplication.xml to use this new class (extending
SimpleUserManager) to be the User Manager Class.
For authentication purpose I connect to LDAP for the first time (in init()
method)and use this connection to check the user and validate the password.
THE PROBLEM COMES WHEN THE USERNAME AND/OR PASSWORD SUPPLIED IS INVALID.
AFTER THIS ALL SUBSEQUENT CALLS FAIL TO AUTHENTICATE THE USER EVEN IT THE
USER ID AND PASSWORD ARE CORRECT AND I GET AN LDAP EXCEPTION.
I tried to debug the problem and found that if I reconnect after getting an
LDAPException (i.e to say the user id and/or password are incorrect), I am
able to authenticate all future calls. This seems to be absurd because I
would end up connecting to LDAP everytime the user id and password is
incorrect and someone could slow down the server using this loop-hole.
Has anyone faced this problem or has any suggestions ..
Thanx a lot in anticipation
Jeetendra Dassani
Lead Systems Engineer
Tata Infotech Limited
Tel: 8291261 X 2787
Email: [EMAIL PROTECTED]
[EMAIL PROTECTED]
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
