Using DBSecurityManager

Documents for the development of and with JVx.

Using DBSecurityManager

Postby Development@SIB » Fri Sep 17, 2010 1:45 pm

User authentication is a common requirement for business applications. Although it is a fairly simple task, implementation is often anything but easy. The more an application has to be integrated into an existing infrastructure, the more complex the implementation can be, e.g. Single Sign On.

The JVx framework allows the integration of any authentication system. The Security Manager concept allows the use of a new system at any time.

XmlSecuritymanager and DBSecurityManager have already been implemented. The DBSecurityManager checks a username and passwort against a user table in the database.

This table can be defined as follows:

Code: Select all
CREATE TABLE USERS
(
  ID INTEGER IDENTITY,
  USERNAME VARCHAR(255) NOT NULL,
  PASSWORD VARCHAR(255) NOT NULL,
  CHANGE_PASSWORD CHAR(1) DEFAULT 'N',
  VALID_FROM TIMESTAMP,
  VALID_TO TIMESTAMP,
  ACTIVE CHAR(1) DEFAULT 'Y',
  FIRST_NAME VARCHAR(20),
  LAST_NAME VARCHAR(20),
  EMAIL VARCHAR(255),
  PHONE VARCHAR(20),
  CONSTRAINT USR_PK PRIMARY KEY(ID),
  CONSTRAINT USR_NAME_UK UNIQUE(USERNAME)
)


Config.xml has to be adapted to enable the use of the Security Manager:

Code: Select all
<application>
  ...
  <securitymanager>
    <class>com.sibvisions.rad.server.security.DBSecurityManager</class>
    <database>
      <url>jdbc:derby://localhost:1527/demo</url>
      <username>user</username>
      <password>pwd</password>
    </database>
  </securitymanager>
  ...
</application>


Everything else is handled by JVx:

  • Verifying the username
  • Verifying the password
  • Verifying validity
  • Verifying activation

For the implementation of alternative authentication systems see Implementing the Security Manager.
User avatar
Development@SIB
 
Posts: 311
Joined: Mon Sep 28, 2009 1:54 pm

Return to Documentation