Unless you have some especially complicated logic for authenticating
users, you might want to simply use the DataSourceUserManager.
Search the list archive for "DataSourceUserManager" and you'll find a
pretty good discussion of UserManagers.
I set this up last weekend. Users in my system are represented by a
Member CMP entity bean which has name and password fields. Rather than
implement my own UserManager or use the EJBUserManager (which would
require modifying my bean to implement EJBUser, yuck), I simply pointed
the DataSourceUserManager at the underlying table for the CMP Member
bean.
Here's my entry from orion-application.xml:
<user-manager class="com.evermind.sql.DataSourceUserManager">
<property name="dataSource"
value="jdbc/HypersonicCoreDS" />
<property name="table" value="memberejb"/>
<property name="usernameField" value="membername" />
<property name="passwordField" value="password" />
<property name="defaultGroups" value="authenticated" />
</user-manager>
As far as getting the user logged in without first accessing a protected
resource, that's one of the tasks I'm going to work on today :-)
There is no platform-independent way to do this; unfortunately, this is
not covered by the Servlet spec. I don't believe you can simply call
j_security_check because there is no mechanism to define a "success"
page; normally, this is set up when you try to access a protected
resource.
I believe the proper way to do what you want is to get a reference to
the (Orion-specific) RoleManager object and call its login() method.
>From the list archives, it looks like you can get the RoleManager like
this:
import com.evermind.security.RoleManager;
Context ctx = new InitialContext();
RoleManager roleManager =
(RoleManager)ctx.lookup("java:comp/RoleManager");
But I haven't tried any of this yet so YMMV :-)
A minor annoyance:
I've noticed that when form-based login is used, the servlet that
handles j_security_check issues a forward rather than a redirect to the
protected page that the user originally requested. The consequence is
that the URL in the web browser ends up being
"http://my.site.com/blah/j_security_check" rather than what the user
originally requested. An aesthetic issue, but still annoying. I guess
this is my opportunity to make a Bugzilla contribution.
Jeff
> -----Original Message-----
> From: Christian Sell [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, October 17, 2000 2:55 AM
> To: Orion-Interest
> Subject: custom user management
>
>
> Hi there,
>
> I want to customize orions authentication mechanism to use an
> existing user
> database. So far, I understand that I have to create my own
> UserManager
> class and register it in orion-application.xml. What I dont
> understand is:
>
> - how do I access the user manager at runtime (e.g., to create users)
> - how do I perform programmatical login (bypassing the
> login-config from
> web.xml, e.g. from a home page with a login field)
>
> any hints, URLs?
>
> TIA,
> Christian
>
>
>
