Creating login session.

I have a database which holds all my user information including login credentials (username, password)...

Here is how I thought of doing it...

Create a container managed entity of the table which holds the login credentials. Implement a custom finder method using ejb-ql, which in turn returns the user information, based on username and password.

Create a session bean which gathers the username and password, creates an instance of the entity bean and calls the custom finder method, passing the username and password as arguments.

Is this method correct? Also do I have to set anything special in the descriptors?

Below are the deployment descriptor values and source code...

session
    display-name: Login
    ejb-name: Login
    home: XXX.XXXXXXXXXX.LoginHome
    remote: XXX.XXXXXXXXXX.Login
    ejb-class: XXX.XXXXXXXXXX.LoginBean
    session-type: Stateful
    transaction-type: Container

entity
    display-name: MerchantInfo
    ejb-name: MerchantInfo
    home: XXX.XXXXXXXXXX.MerchantInfoRemoteHome
    remote: XXX.XXXXXXXXXX.MerchantInfoRemote
    ejb-class: XXX.XXXXXXXXXX.MerchantInfoBean
    persistence-type: Container
    prim-key-class: java.lang.Integer
    reentrant: False
    cmp-version: 2.x
    abstract-schema-name: MerchantInfo
    ... Field mappings here.

Is the login method correct? By returning true or false? Should I track any other states etc...?

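[source]
import javax.ejb.CreateException;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;
import javax.ejb.SessionSynchronization;

public class LoginBean implements SessionBean, SessionSynchronization
{
    SessionContext sessionContext;
    javax.naming.Context loginContext;
    MerchantInfoRemoteHome home;
    MerchantInfoRemote merchantInfo;

    // Look up the MerchantInfo entity home once, when the bean is created.
    public void ejbCreate() throws CreateException {
        try
        {
            loginContext = new javax.naming.InitialContext();
            Object objref = loginContext.lookup("MerchantInfo");
            home = (MerchantInfoRemoteHome) javax.rmi.PortableRemoteObject.narrow(objref, MerchantInfoRemoteHome.class);
        }
        catch(Exception ex)
        {
            // Do not swallow the failure: without the home, login() cannot work.
            throw new CreateException("MerchantInfo lookup failed: " + ex);
        }
    }

    // Container lifecycle callbacks; nothing to do here.
    public void ejbRemove()
    {
    }

    public void ejbActivate()
    {
    }

    public void ejbPassivate()
    {
    }

    public void setSessionContext(SessionContext sessionContext)
    {
        this.sessionContext = sessionContext;
    }

    // SessionSynchronization callbacks; nothing to do here.
    public void afterBegin()
    {
    }

    public void beforeCompletion()
    {
    }

    public void afterCompletion(boolean committed)
    {
    }

    // Returns true when the finder locates a row matching all three values.
    // Any exception (no match, or a remote/lookup failure) is reported as false.
    public boolean login(java.lang.Integer mid, java.lang.String uName, java.lang.String pass)
    {
        try
        {
            merchantInfo = home.findByMerchantCredentials(mid, uName, pass);
        }
        catch(Exception ex)
        {
            return(false);
        }
        return(true);
    }
}
[/source]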

[2859 byte] By [ANSI2002] at [2007-9-27 22:48:13]
# 1
Nobody has ever had to do this? Maybe I am doing it wrong completely. Maybe I should use user realms? The problem is, though, I am not too sure that user realms really apply to my situation, as the application we have requires 3 parameters for login and not just username and password.
ANSI2002 at 2007-7-7 13:52:22
# 2
I came to this forum looking for the exact same answer you are seeking. I'm sure there is an established pattern for handling user logins and authentication and I do not want to reinvent the wheel. If I find a code example I will reply again. Good luck finding a solution.
umpteen at 2007-7-7 13:52:22
# 3

> Create a container managed entity of the table which
> holds the login credentials. Implement a custom finder
> method using ejb-ql, which in turn returns the user
> information, based on username and password.
>
> Create a session bean which gathers the username and
> password, creates an instance of the entity bean and
> calls the custom finder method, passing the username
> and password as arguments.

Sounds good to me. That is the way I would probably do it as well; use entity beans for EJB-tier data representation and session beans for the business logic.

> Is this method correct? Also do I have to set anything
> special in the descriptors?

It is a correct method if it works for you. As for being a "standard" method of doing things I think the answer is yes. I'm not sure what you mean by "anything special" in the descriptors? Depends on what you are trying to accomplish. :) To me it looks that you've got everything set up correctly.

> Is the login method correct? By returning true or false?

That is pretty much up to you. I don't think that there is one standard way of handling logins that would specify things at such a precise level of detail.

Returning a boolean sounds logical to me. I would perhaps consider naming the login method to question form for which true/false is a proper answer. For example isLoginOK or something like that. That way it would be implicitly clear (even without Javadocs) what your method does, the user of the method does not have to guess when does the method return true and when false.

> Should I track any other states etc...?

Sorry to answer a question with a question again, but that depends entirely on what you are trying to accomplish in the bigger picture. :)

Zetor at 2007-7-7 13:52:22
# 4

I don't quite follow why the standard security (authentication) mechanism does not meet your needs. For example, why can't you use JAAS for authentication? You can definitely write your own LoginModule that stores user names and passwords in a database and still uses JAAS. Or, why can't you extend the authentication mechanism built into your application server? Most app. servers allow you to implement your own realm.

The one thing I would be worried about with your approach is that you are choosing to implement security on your own and not use the security mechanisms built in. This means that you will not be able to take advantage of the other built in security mechanisms such as EJBContext.getPrincipal() and EJBContext.isUserInRole(). Also, the built in declarative security that you can use to protect access to beans and methods is going to be out of your reach. (Not a big loss though, since the declarative security is pretty much useless in real world situations, but something to think about anyhow).

You mentioned that you have 3 pieces of information, a user name, password, and what is the third one?

--Maciej

http://www.urbancode.com

maciejz at 2007-7-7 13:52:22
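
The approach suggested in reply # 4, a custom JAAS LoginModule backed by the credentials table, sketched for the three-value login from the original post. This is an added example, not code from any poster: the class name MerchantLoginModule, the in-memory STORE standing in for the database, and the sample merchant id, user and password are constructed, and the stored value is assumed to be a PBKDF2 hash rather than a plain-text password.

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Hypothetical module: authenticates on merchant id + user name + password.
public class MerchantLoginModule implements LoginModule {
    private static final byte[] SALT = "constructed-salt".getBytes(); // per-user random salt in a real table
    // Constructed stand-in for the credentials table: "mid/user" -> PBKDF2 hash.
    private static final Map<String, byte[]> STORE = new HashMap<>();
    static { STORE.put("42/alice", hash("sample-pass".toCharArray())); }
    private Subject subject;
    private CallbackHandler handler;
    private Principal principal;          // set only by a successful login()

    static byte[] hash(char[] password) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, SALT, 100_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; handler = h;
    }
    public boolean login() throws LoginException {
        TextInputCallback mid = new TextInputCallback("merchant id");
        NameCallback name = new NameCallback("user name");
        PasswordCallback pass = new PasswordCallback("password", false);
        try { handler.handle(new Callback[] { mid, name, pass }); }
        catch (java.io.IOException | UnsupportedCallbackException e) { throw new LoginException(e.toString()); }
        char[] typed = pass.getPassword();
        if (typed == null) typed = new char[0];
        pass.clearPassword();
        String key = mid.getText() + "/" + name.getName();
        byte[] stored = STORE.get(key);
        byte[] given = hash(typed);       // hashed even for unknown users
        Arrays.fill(typed, '\0');
        // Constant-time compare; one error for wrong merchant, user or password.
        if (stored == null || !MessageDigest.isEqual(stored, given)) throw new FailedLoginException("login failed");
        principal = () -> key;            // minimal Principal carrying "mid/user"
        return true;
    }
    public boolean commit() { return principal != null && subject.getPrincipals().add(principal); }
    public boolean abort() { principal = null; return true; }
    public boolean logout() { if (principal != null) subject.getPrincipals().remove(principal); principal = null; return true; }
}
```

The CallbackHandler supplied by the caller or container has to answer all three callbacks; one that does not recognise TextInputCallback raises UnsupportedCallbackException, which the module reports as a LoginException.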