users@glassfish.java.net

Dynamic user registration

From: <glassfish_at_javadesktop.org>
Date: Sun, 22 Feb 2009 06:35:42 PST

Hi,

I want to allow users to register an account and log in to my system. Imagine one of the many web sites where you can do this. The only difference is that I want to use a remote client instead of a web client.

The system is backed by an EJB, which accesses a DB via JPA, where the user information should be stored.

I'm very new to JAAS. I've read several articles/documentation but could not figure out how to do this.

Here is what I'm thinking of:

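import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;

// AccountManager (the business interface) and UserInfo are application types defined elsewhere.
@Stateless(mappedName = "AccountManager")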
@RolesAllowed("USERS")
public class AccountManagerBean implements AccountManager {

    @PersistenceContext(unitName = "mysystem")
    private EntityManager entityManager;

    @Resource
    private SessionContext sessionContext;


    @PermitAll
    @Override
    public boolean login(String userName, char[] password) {
        // checks if there is a registered user with the specified user name
        // and the specified password and if the user has been assigned to the
        // role "USERS".

        // make JAAS remember this
        return false;
    }

    @Override
    public void logout() {
        Principal callerPrincipal = sessionContext.getCallerPrincipal();
        String name = callerPrincipal.getName();
        // clear the settings from JAAS
    }

    @PermitAll
    @Override
    public void register(String userName, char[] password) {
        // Register a new user and assign it the role "USERS".
    }

    @Override
    public void unregister() {
        Principal callerPrincipal = sessionContext.getCallerPrincipal();
        String name = callerPrincipal.getName();
        // Unregister the user. (Also remove the user from the "USERS" role list.)
    }

    @Override
    public void setUserInfo(UserInfo userInfo) {
        Principal callerPrincipal = sessionContext.getCallerPrincipal();
        String name = callerPrincipal.getName();
        // Sets the user info of the caller.
    }

    @Override
    public UserInfo getUserInfo() {
        Principal callerPrincipal = sessionContext.getCallerPrincipal();
        String name = callerPrincipal.getName();
        // Gets the user info of the caller.
        return null;
    }
}

Does this make sense? How can I integrate this with JAAS? Given the number of web sites having such a feature, I think this is probably a common thing to do; I just couldn't find out how yet.

-Puce
[Message sent by forum member 'puce' (puce)]

http://forums.java.net/jive/thread.jspa?messageID=333249
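
The register(String, char[]) and login(String, char[]) stubs above leave open how the password is stored and checked. The following is an added example, not code from the original post or from GlassFish, showing one way to do that with a salted PBKDF2 hash and a constant-time comparison; it does not cover the JAAS integration the post asks about. The class name CredentialStore, the in-memory map standing in for the JPA-backed user table, the iteration count and the sample credentials are all assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example: credential handling behind register()/login(). Hypothetical class.
public class CredentialStore {
    private static final int ITERATIONS = 210_000;           // assumed work factor, tune per hardware
    private static final byte[] DUMMY_SALT = new byte[16];   // used for unknown user names
    // userName -> {salt, hash}; stands in for the JPA entity table (assumption)
    private final Map<String, byte[][]> users = new HashMap<>();
    private final SecureRandom random = new SecureRandom();

    private static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally { spec.clearPassword(); }                   // wipe the spec's internal copy
    }

    // Stores only salt and derived hash, never the password itself.
    public boolean register(String userName, char[] password) throws Exception {
        try {
            if (users.containsKey(userName)) return false;
            byte[] salt = new byte[16];
            random.nextBytes(salt);                           // fresh random salt per user
            users.put(userName, new byte[][] { salt, derive(password, salt) });
            return true;
        } finally { Arrays.fill(password, '\0'); }            // wipe the caller's array
    }

    public boolean login(String userName, char[] password) throws Exception {
        try {
            byte[][] rec = users.get(userName);
            // Derive even for unknown users so response time does not reveal which names exist.
            byte[] candidate = derive(password, rec == null ? DUMMY_SALT : rec[0]);
            return rec != null && MessageDigest.isEqual(candidate, rec[1]);  // constant-time compare
        } finally { Arrays.fill(password, '\0'); }
    }

    public static void main(String[] args) throws Exception {
        CredentialStore store = new CredentialStore();        // constructed sample data below
        store.register("alice", "correct horse".toCharArray());
        System.out.println(store.login("alice", "correct horse".toCharArray()));
        System.out.println(store.login("alice", "wrong guess".toCharArray()));
        System.out.println(store.login("bob", "correct horse".toCharArray()));
    }
}
```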