You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@isis.apache.org by Kevin Meyer - KMZ <ke...@kmz.co.za> on 2011/05/07 18:34:57 UTC
Login without password / cutoms user Memento
I'm looking into creating a membership management system for a
society that I belong to .. and I would like to know what my login
management options are..
Dan, I've been looking into the message of "Wed, 23 Feb 2011
23:21:22 +0000", where you refer to replacing
DomainObjectContainerDefault with a "MyDomainObjectContainer",
which in turn overrides the getUser() method.
Will this still work? I can't find most of the referenced classes, so I
assume they've been renamed / moved since then... hmm and I can't
subclass UserMemento as advised, as it is marked "final"...
Mostly, I see that I have two options:
The application always logs in with a dummy user, and I manage user
accounts with "dummy" service methods that emulate login/logout. I
would just need some mechanism to track wether a dummy login has
occurred, and that the dummy logged in user must be available
between server requests. I am already providing "hideXXX" methods
to manage guest/normal/admin access to service methods.
The other option is to use a real Isis authentication. The issue here is
how do "new users" sign-on? Provide instructions with "login in first
with user A".. then create an account application (using exposed
service methods?)
I know it's terrible for production use, but for prototyping, does the file-
based authentication engine re-read the password file with every
login? Can I use Isis to manually add new entries, that will be picked
up immediately ?
Regards,
Kevin