Use the UserManager
Description:
The UserManager is an administration tool with a huge functionality.
First of all you can store Users in it with all necessary information, even their own passwords, which you can
garble (make unreadable). By assigning them certain Capabilities you can protect any possible Action
of your application from unauthorized access and thereby have customers and employees administered by one
UserManager.
Used classes:
Related topics:
- none
ToDo:
-
Make an instance of
UserManagerin yourShopclass. -
Set the instance as global
UserManager. -
If you want to add an
User, get theGlobalUMand add theUserto it.
Example Source Code:
public class UserShop extends Shop
{
public UserShop()
{
super();
1
UserManager userManager = new UserManager();
2
UserManager.setGlobalUM(userManager);
}
public void init()
{
3
User user = new User("Dolores");
UserManager.getGlobalUM().addUser(user);
}
}
Back to:
Add an ActionCapability to an User
Description:
A Capability is used to guard Actions of an application or, and that´s the way it works, to decide
wether a User is allowed to do the Action or not.
Used classes:
Related topics:
ToDo:
-
Instantiate a new
ActionCapabilitywith- its name
- the text that should be shown in case of an access denial
- the action that is guarded by the
Capability - true or false for the
Capabilityto be set as granted or not
-
Add the
Capabilityto theUser.
Example Source Code:
// create an User
User user = new User("Dolores");
1
ActionCapability capAction = new ActionCapability(
// name of the capability
"CapabilityName",
// acccess denied text
"Access denied text",
// guarded action
new UserCustomAction(),
// grant access
true);
// set the DisplayNameResourceBundle so the CapabilityCheckBox can be labled
ActionCapability.setDisplayNameResourceBundleName("MyResourceBundle");
2
user.setCapability(capAction);
// add user to UserManager
UserManager.getGlobalUM().addUser(user);
// create an ordinary User
User noAccessUser = new User("Dummy");
2
// assign the capability seen above, but set to false (->access denied)
noAccessUser.setCapability(capAction.getToggled());
UserManager.getGlobalUM().addUser(noAccessUser);
Back to:
Garble a User's password
Description:
In order to provide password security in transactions of User data, the password of a User should be
garbled. Therefor the framework provides the interface users.PassWDGarbler, which is implemented in the
static User.DEFAULT_PASSWORD_GARBLER and encodes the password with the MD5 algorithm. You may feel free to define
your own password garbler and use it.
To get hold of it, you may use the static Field or the static method User.getGlobalPassWDGarbler, which returns
the DEFAULT_PASSWORD_GARBLER by default or the garbler set by
User.setGlobalPassWDGarbler(PassWDGarbler pwdg). The global password garbler is also being used when the static
method User.garblePassWD(char[] pwd) is being called.
As you can see, there are many ways to garble a password and a method to set a user's password, too:
setPassWd(char[] pwd), setting the password as is, which means you have to garble it first, if you want it to be
garbled. Remember, there is no way to retrieve a password once being set, you can only check wether a certain char[] equals
the password, again as is, so a garbled password has to be compared to a garbled char[] by isPassWd(char[] query)
of the User you are checking on.
The password check is being automatically performed by the LogOnForm using the global password garbler. If needed,
you may redefine the ok() of it. For more information on the LogOnForm, please refer to
Use a LogOnForm.
Used classes:
Related topics:
ToDo:
- Garble the password.
-
Set the password to the
User.
Example Source Code:
// retrieve password from dialog
Do no hardcode the password!
1
char[] password = User.garblePassWD((char[]) givenPassword);
2
user.setPassWd(password);
// add user to UserManager
UserManager.getGlobalUM().addUser(user);
Back to:
 Log management |