I have worked for some time on the subj. To make it very clear I will
start telling in a few words about the system.
On the client side we are going to use Swing, connecting to a Orion
server. We will just use simple authentication based on the
System.getProperty("user.name");
The server should then look up the user in Active Directory, and get the
groups he is a member of. Based on these groups and the roles in
ejb-jar.xml the server should administer access to the application.
That's very short the application.
Now my problem is implementing all this. I can not find any
documentation telling me how to do it. Matthew Porter has been so kind
to send me an implementation he has made called LdapUserManager.
Based on this Manager I have the following questions:
Firstly I would like to know how the client identifies to the
UserMAnager/Orion who he is. It needs just to give the "user.name" of
the user.
Secondly, how do I tell the UserManager which attributes to take from
the Active Directory in order to find out which groups he is a member
of?
How do I inform Orion on using LdapUserManager, and other classes from
the com.linjafoo package?
Reaching this point I believe that the server should do the rest by
itself. The rest I reffer to adminestring the roles and access to the
application. Please, correct me if I'm wrong.
Now what I _think_ Orion will do, is that it will manage the access to
methods and beans using the LdapUserManager. In my program code I will
then also be able to ask isCallerInRole(role).
One last thing is: Does there exits an independent implementation
instead of using something based on the Orion model. I mean, is roles
and grouips not part of the J2EE? I would prefer a independent way -
write once run anywhere.
That was many questions but I hope someone out their has been thru all
this, and just knows how to do it :-)
Thanks for any kind of help or comments.
Thomas Saxtoft
--
Thomas Saxtoft
EDB afdelingen
Søndagsavisen A/S
Tlf.: 3957 7531
Fax: 3957 7597
