I have a login/registration system in my OSS project. I am using the
JDBC realm to authenticate the users, and JMS + EJB3 to do the
registration. The benefit of using the container to authenticate
and EJB annotations for the authorization is that you really don't need
to care about JAAS; you just delegate security to GlassFish and focus
on other, more important tasks.
You can test it here:
http://fgaucho.dyndns.org:8080/cejug-classifieds-richfaces
* You should click on the "publishing link" and then register to see
the use case workflow (and don't worry about the data, this is a test
server, almost every day I reset the database...)
If you like, you can get the complete code here:
https://cejug-classifieds.dev.java.net/
Enjoy.
On Sun, Feb 22, 2009 at 3:35 PM,  <glassfish_at_javadesktop.org> wrote:
> Hi,
>
> I want to allow the users to register an account and log into my system. Imagine one of the many web sites where you can do this. The only difference is that I want to use a remote client instead of a web client.
>
> The system is backed by an EJB, which accesses a DB via JPA, where the user information should be stored.
>
> I'm very new to JAAS. I've read several articles/documentation but could not figure out how to do this.
>
> Here is what I'm thinking of:
>
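> import java.security.Principal;
> import javax.annotation.Resource;
> import javax.annotation.security.PermitAll;
> import javax.annotation.security.RolesAllowed;
> import javax.ejb.SessionContext;
> import javax.ejb.Stateless;
> import javax.persistence.EntityManager;
> import javax.persistence.PersistenceContext;
>
> @Stateless(mappedName = "AccountManager")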
> @RolesAllowed("USERS")
> public class AccountManagerBean implements AccountManager {
>
>    @PersistenceContext(unitName = "mysystem")
>    private EntityManager entityManager;
>
>    @Resource
>    private SessionContext sessionContext;
>
>
>    @PermitAll
>    @Override
>    public boolean login(String userName, char[] password) {
>        // checks if there is a registered user with the specified user name
>        // and the specified password and if the user has been assigned to the
>        // role "USERS".
>
>        // make JAAS remember this
>        return false;
>    }
>
>    @Override
>    public void logout() {
>        Principal callerPrincipal = sessionContext.getCallerPrincipal();
>        String name = callerPrincipal.getName();
>        // clear the settings from JAAS
>    }
>
>    @PermitAll
>    @Override
>    public void register(String userName, char[] password) {
>        // Register a new user and assign it the role "USERS".
>    }
>
>    @Override
>    public void unregister() {
>        Principal callerPrincipal = sessionContext.getCallerPrincipal();
>        String name = callerPrincipal.getName();
>        // Unregister the user. (Also remove the user from the "USERS" role list.)
>    }
>
>    @Override
>    public void setUserInfo(UserInfo userInfo) {
>        Principal callerPrincipal = sessionContext.getCallerPrincipal();
>        String name = callerPrincipal.getName();
>        // Sets the user info of the caller.
>    }
>
>    @Override
>    public UserInfo getUserInfo() {
>        Principal callerPrincipal = sessionContext.getCallerPrincipal();
>        String name = callerPrincipal.getName();
>        // Gets the user info of the caller.
>        return null;
>    }
> }
>
> Does this make sense? How can I integrate this with JAAS? Given the number of web sites having such a feature, I think this is probably a common thing to do, I just couldn't find out how yet.
>
> -Puce
> [Message sent by forum member 'puce' (puce)]
>
> http://forums.java.net/jive/thread.jspa?messageID=333249
-- 
Please help to test this application:
http://fgaucho.dyndns.org:8080/cejug-classifieds-richfaces
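
The registration side of the JDBC-realm setup described in the reply, as an added example that is not code from this thread or from the cejug-classifieds project: when the container authenticates against the realm, `register()` only has to write rows the realm can read. Assumptions: plain JDBC stands in for the JPA/JMS path, the table and column names (`users`, `user_groups`) are hypothetical and must match the realm's `user-table`, `group-table` and column properties, and the digest and hex encoding must match the realm's `digest-algorithm` and `encoding` settings.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Arrays;

public class RealmRegistration {
    // Assumption: must equal the value configured as the realm's digest-algorithm.
    static final String DIGEST = "SHA-256";

    /** Hex digest of the password, computed without creating a String copy of it. */
    static String digestHex(char[] password) throws NoSuchAlgorithmException {
        ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] bytes = new byte[buf.remaining()];
        buf.get(bytes);
        byte[] hash = MessageDigest.getInstance(DIGEST).digest(bytes);
        Arrays.fill(bytes, (byte) 0);                           // wipe the cleartext copy
        if (buf.hasArray()) Arrays.fill(buf.array(), (byte) 0); // and the encoder's buffer
        StringBuilder hex = new StringBuilder();
        for (byte b : hash) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    /** Inserts the user row and its USERS group row in one transaction. */
    static void register(Connection con, String userName, char[] password)
            throws SQLException, NoSuchAlgorithmException {
        boolean oldAutoCommit = con.getAutoCommit();
        con.setAutoCommit(false);
        try (PreparedStatement user = con.prepareStatement(
                 "INSERT INTO users (username, password) VALUES (?, ?)");
             PreparedStatement group = con.prepareStatement(
                 "INSERT INTO user_groups (username, groupname) VALUES (?, ?)")) {
            user.setString(1, userName);              // bound parameters, never concatenated
            user.setString(2, digestHex(password));
            user.executeUpdate();
            group.setString(1, userName);
            group.setString(2, "USERS");              // group the realm reports for this user
            group.executeUpdate();
            con.commit();
        } catch (SQLException | NoSuchAlgorithmException e) {
            con.rollback();                           // no user row without its group row
            throw e;
        } finally {
            Arrays.fill(password, '\0');              // wipe the caller's array as well
            con.setAutoCommit(oldAutoCommit);
        }
    }
}
```

The group written here reaches `@RolesAllowed("USERS")` only through the deployment's group-to-role mapping, so the two names have to be mapped to each other there.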