In our application which we're building for OC4J, we need to validate users
against our database "UserProfile" object, so it's logical to use the
DataSourceUserManager class. We also have to write log events (into a
database table) whenever there is a "login event" (login, logout, incorrect
password, nonexistent user, etc.). Therefore, it seems logical to write a
class derived from DataSourceUserManager, all of whose methods call the
superclass methods (including "init()"), but which logs the results in a
database table.

I tried doing this, and I was able to compile it and set it up to be used by
OC4J. When I started OC4J, it hit the breakpoint in the "init()" method of
my subclass, and I verified the Properties list was what I set in the
"application.xml" file (orion-application element). However, none of the
other methods were used. I set breakpoints in all the methods of the
subclass (all derived from the superclass), and none of them were hit when I
tried to log in to the application. The login attempt sent me to the login
error page, but I'm not certain exactly what made that decision.

I also tried writing a subclass of the "SimpleUserManager" class, which
internally creates a DataSourceUserManager class, and uses the same set of
properties, so I can pass them directly to the DSUM instance's "init()"
method. However, I still have the same problem, in that the "init()" method
gets called, but none of the validation methods are called when I try to log
into the application.

In case it matters, here is the excerpt from my "web.xml" which shows the
security area, and the excerpt from my "application.xml" (the "orion"
version, not the "j2ee" version) that shows the UserManager specification.
I also include the "LoggingUserManager" class that I wrote.

web.xml excerpt:
-------------------
<security-constraint>
  <web-resource-collection>
    <web-resource-name>projname</web-resource-name>
    <url-pattern>/main/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>analyst</role-name>
    <role-name>administrator</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Projname</realm-name>
  <form-login-config>
    <form-login-page>/login/login.jsp</form-login-page>
    <form-error-page>/login/error.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <description>A user allowed to make administrative changes</description>
  <role-name>administrator</role-name>
</security-role>
<security-role>
  <description>Data Analyst</description>
  <role-name>analyst</role-name>
</security-role>
-------------------
application.xml excerpt:
-------------------
<user-manager class="....common.utils.LoggingUserManager">
  <property name="table" value="UserProfileBean"/>
  <property name="userNameField" value="userId"/>
  <property name="passwordField" value="password"/>
  <property name="dataSource" value="jdbc/OracleDS"/>
  <property name="groupMembershipTableName" value="GroupMembershipBean"/>
  <property name="groupMembershipGroupFieldName" value="groupName"/>
  <property name="groupMembershipusernameFieldName" value="userId"/>
</user-manager>
<security-role-mapping name="administrator">
  <group name="administrators"/>
</security-role-mapping>
<security-role-mapping name="analyst">
  <group name="analysts"/>
</security-role-mapping>
<library path="C:\cygwin\home\c-dkarr\java\felix2\j2ee\oc4jConfig\build\felix-oc4jConfig.jar"/>
-------------------
LoggingUserManager.java (minus package and imports):
-------------------
public class LoggingUserManager extends SimpleUserManager
{
    // Delegate that performs the actual database lookups.
    private DataSourceUserManager dataSourceUserManager =
        new DataSourceUserManager();

    public void init(Properties properties)
        throws InstantiationException
    {
        // Pass the <user-manager> properties straight to the delegate.
        dataSourceUserManager.init(properties);
    }

    protected boolean userExists(String userId)
    {
        com.evermind.security.User user =
            dataSourceUserManager.getUser(userId);
        boolean result = (user != null);
        System.out.println("userExists. userId[" + userId +
                           "] result[" + result + "]");
        return (result);
    }

    protected boolean checkPassword(String userId, String password)
    {
        com.evermind.security.User user =
            dataSourceUserManager.getUser(userId);
        // An unknown user fails the check instead of throwing a
        // NullPointerException.
        boolean result = (user != null && user.authenticate(password));
        // The password itself is left out of the log output.
        System.out.println("checkPassword. userId[" + userId +
                           "] result[" + result + "]");
        return (result);
    }

    protected boolean inGroup(String userId, String groupName)
    {
        com.evermind.security.User user =
            dataSourceUserManager.getUser(userId);
        com.evermind.security.Group group =
            dataSourceUserManager.getGroup(groupName);
        // An unknown user or group means "not a member".
        boolean result = (user != null && group != null &&
                          user.isMemberOf(group));
        System.out.println("inGroup. userId[" + userId +
                           "] groupName[" + groupName +
                           "] result[" + result + "]");
        return (result);
    }
}
-------------------
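
Added example, not part of the original post and not OC4J API: a container-independent sketch of the "login event" logging described above, recording one audit row per attempt without ever storing the password. The names CredentialCheck, AuditRow and LoginAuditDemo are hypothetical, the user data is constructed, and an in-memory list stands in for the database log table.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

public class LoginAuditDemo {
    enum LoginEvent { LOGIN, INCORRECT_PASSWORD, NONEXISTENT_USER }

    /** Hypothetical stand-in for the delegate user manager's lookups. */
    interface CredentialCheck {
        boolean userExists(String userId);
        boolean checkPassword(String userId, String password);
    }

    /** One audit row; a real sink would INSERT it into the log table. */
    record AuditRow(long epochMillis, String userId, LoginEvent event) {}

    static final List<AuditRow> auditTable = new ArrayList<>(); // in-memory sink

    // Replace control characters and cap the length so a crafted user id
    // cannot forge or flood audit entries.
    static String clean(String userId) {
        if (userId == null) return "<null>";
        String s = userId.replaceAll("\\p{Cntrl}", "?");
        return s.length() > 64 ? s.substring(0, 64) : s;
    }

    /** Delegates the decision, then records exactly one event per attempt. */
    static boolean login(CredentialCheck delegate, String userId, String password) {
        LoginEvent event;
        if (userId == null || !delegate.userExists(userId)) {
            event = LoginEvent.NONEXISTENT_USER;
        } else if (password == null || !delegate.checkPassword(userId, password)) {
            event = LoginEvent.INCORRECT_PASSWORD;
        } else {
            event = LoginEvent.LOGIN;
        }
        // The password is never part of the audit row.
        auditTable.add(new AuditRow(System.currentTimeMillis(), clean(userId), event));
        return event == LoginEvent.LOGIN;
    }

    public static void main(String[] args) {
        Map<String, String> users = Map.of("alice", "s3cret"); // constructed sample data
        CredentialCheck store = new CredentialCheck() {
            public boolean userExists(String u) { return users.containsKey(u); }
            public boolean checkPassword(String u, String p) { return p.equals(users.get(u)); }
        };
        login(store, "alice", "s3cret");            // LOGIN
        login(store, "alice", "wrong");             // INCORRECT_PASSWORD
        login(store, "nobody\nalice LOGIN", "x");   // NONEXISTENT_USER, newline neutralised
        auditTable.forEach(r -> System.out.println(r.userId() + " " + r.event()));
    }
}
```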