Login without password / cutoms user Memento

[Kevin Meyer - KMZ <ke...@kmz.co.za>]

I'm looking into creating a membership management system for a 
society that I belong to .. and I would like to know what my login 
management options are..

Dan, I've been looking into the message of "Wed, 23 Feb 2011 
23:21:22 +0000", where you refer to replacing 
DomainObjectContainerDefault with a "MyDomainObjectContainer", 
which in turn overrides the getUser() method.

Will this still work? I can't find most of the referenced classes, so I 
assume they've been renamed / moved since then... hmm and I can't 
subclass UserMemento as advised, as it is marked "final"...


Mostly, I see that I have two options:
The application always logs in with a dummy user, and I manage user 
accounts with "dummy" service methods that emulate login/logout. I 
would just need some mechanism to track wether a dummy login has 
occurred, and that the dummy logged in user must be available 
between server requests. I am already providing "hideXXX" methods 
to manage guest/normal/admin access to service methods.

The other option is to use a real Isis authentication. The issue here is 
how do "new users" sign-on? Provide instructions with "login in first 
with user A".. then create an account application (using exposed 
service methods?)

I know it's terrible for production use, but for prototyping, does the file-
based authentication engine re-read the password file with every 
login? Can I use Isis to manually add new entries, that will be picked 
up immediately ?

Regards,
Kevin