I have worked for some time on the subj. To make it very clear I will start by telling in a few words about the system.

On the client side we are going to use Swing, connecting to an Orion server. We will just use simple authentication based on the System.getProperty("user.name"); The server should then look up the user in Active Directory, and get the groups he is a member of. Based on these groups and the roles in ejb-jar.xml the server should administer access to the application. That, very briefly, is the application.

Now my problem is implementing all this. I cannot find any documentation telling me how to do it. Matthew Porter has been so kind as to send me an implementation he has made called LdapUserManager. Based on this Manager I have the following questions:

Firstly, I would like to know how the client identifies to the UserManager/Orion who he is. It needs just to give the "user.name" of the user.

Secondly, how do I tell the UserManager which attributes to take from the Active Directory in order to find out which groups he is a member of?

How do I inform Orion on using LdapUserManager, and other classes from the com.linjafoo package?

Reaching this point I believe that the server should do the rest by itself. By the rest I refer to administering the roles and access to the application. Please correct me if I'm wrong.

Now what I _think_ Orion will do is that it will manage the access to methods and beans using the LdapUserManager. In my program code I will then also be able to ask isCallerInRole(role).

One last thing: does there exist an independent implementation instead of using something based on the Orion model? I mean, are roles and groups not part of the J2EE? I would prefer an independent way - write once run anywhere.

That was many questions but I hope someone out there has been through all this, and just knows how to do it :-)

Thanks for any kind of help or comments.

Thomas Saxtoft

--
Thomas Saxtoft
EDB afdelingen
Søndagsavisen A/S
Tlf.: 3957 7531
Fax: 3957 7597