Ok...I admit it, I am stuck in user-land and need a map to get out.
It looks like the usermanager methodology is the way to authenticate my
users on my website. However, I am a little stuck.
If you look at the pet store example, nobody can log in unless you are a
user as identified in the principals.xml file, or you create a new user
everytime. Ok for a demo, but pretty useless for an ecommerce application.
The datasourceusermanager seems pretty good, except that without the
container/transaction stuff, we would have to implement all of that
ourselves. That brings me to the ejbusermanager. Its part of the
ejb/transaction management stuff, and provided my database can be relatively
secure, we can do our user authentication. But I have some befuddeling
questions:
1. If we include the user-manager declaration in the orion-application.xml,
is the rolemanager the proper interface for logging users in? Or must we get
the ejb reference, and hardcode the login? ,ie,
userbean.authenticate(password)...
2. Will I need a separate datasource for the ejbusermanager?
3. Are there any examples of ejbusermanager authentication (soup to nuts)?
Regards and buffudled,
Lawrence
