HowTos User Management

Aus Salespoint

(Unterschied zwischen Versionen)
Wechseln zu: Navigation, Suche
(Garble a User's password)
(Garble a User's password)
Zeile 85: Zeile 85:
To get hold of it, you may use the static Field or the static method User.getGlobalPassWDGarbler, which returns the DEFAULT_PASSWORD_GARBLER by default or the garbler set by User.setGlobalPassWDGarbler(PassWDGarbler pwdg). The global password garbler is also being used when the static method User.garblePassWD(String pwd) is being called.
To get hold of it, you may use the static Field or the static method User.getGlobalPassWDGarbler, which returns the DEFAULT_PASSWORD_GARBLER by default or the garbler set by User.setGlobalPassWDGarbler(PassWDGarbler pwdg). The global password garbler is also being used when the static method User.garblePassWD(String pwd) is being called.
As you can see, there are many ways to garble a password and a method to set a user's password, too: setPassWd(String pwd), setting the password as is, which means you have to garble it first, if you want it to be garbled. Remember, there is no way to retrieve a password once being set, you can only check wether a certain String equals the password, again as is, so a garbled password has to be compared to a garbled String by isPassWd(String query) of the User you are checking on.
As you can see, there are many ways to garble a password and a method to set a user's password, too: setPassWd(String pwd), setting the password as is, which means you have to garble it first, if you want it to be garbled. Remember, there is no way to retrieve a password once being set, you can only check wether a certain String equals the password, again as is, so a garbled password has to be compared to a garbled String by isPassWd(String query) of the User you are checking on.
-
The password check is being automatically performed by the LogOnForm using the global password garbler. If needed, you may redefine the ok() of it. For more information on the LogOnForm, please refer to [[HowTos_Display#Use_a_LogOnForm Use a LogOnForm]].  
+
The password check is being automatically performed by the LogOnForm using the global password garbler. If needed, you may redefine the ok() of it. For more information on the LogOnForm, please refer to [[HowTos_Display#Use_a_LogOnForm|Use a LogOnForm]].  
'''ToDo:'''  
'''ToDo:'''  

Version vom 22:36, 5. Apr. 2009

Use the UserManager

Description: The UserManager is an administration tool with a huge functionality. First of all you can store Users in it with all necessary information, even their own passwords, which you can garble (make unreadable). By assigning them certain Capabilities you can protect any possible Action of your application from unauthorized access and thereby have customers and employees administered by one UserManager.

ToDo:

  1. Make an instance of UserManager in your Shop class.
  2. Set the instance as global UserManager.
  3. If you want to add an User, get the GlobalUM and add the User to it.

Example Source Code:

public class UserShop extends Shop
{
public UserShop()
{
super();
1
UserManager userManager = new UserManager();
 
2
UserManager.setGlobalUM(userManager);
}
 
public void init()
{
3
User user = new User("Dolores");
UserManager.getGlobalUM().addUser(user);
}
}

Add an ActionCapability to an User

Description: A Capability is used to guard Actions of an application or, and that´s the way it works, to decide wether a User is allowed to do the Action or not.

ToDo:

  1. Instantiate a new ActionCapability with
    • its name
    • the text that should be shown in case of an access denial
    • the action that is guarded by the Capability
    • true or false for the Capability to be set as granted or not
  2. Add the Capability to the User.

Example Source Code:

// create an User
User user = new User("Dolores");
 
1
ActionCapability capAction = new ActionCapability(
// name of the capability
"CapabilityName",
// acccess denied text
"Access denied text",
// guarded action
new UserCustomAction(),
// grant access
true);
// set the DisplayNameResourceBundle so the CapabilityCheckBox can be labled
ActionCapability.setDisplayNameResourceBundleName("MyResourceBundle");
 
2
user.setCapability(capAction);
// add user to UserManager
UserManager.getGlobalUM().addUser(user);
// create an ordinary User
User noAccessUser = new User("Dummy");
 
2
// assign the capability seen above, but set to false (->access denied)
noAccessUser.setCapability(capAction.getToggled());
UserManager.getGlobalUM().addUser(noAccessUser);

Garble a User's password

Description: In order to provide password security in transactions of User data, the password of a User should be garbled. Therefor the framework provides the interface users.PassWDGarbler, which is implemented in the static User.DEFAULT_PASSWORD_GARBLER and encodes the password with the MD5 algorithm. You may feel free to define your own password garbler and use it. To get hold of it, you may use the static Field or the static method User.getGlobalPassWDGarbler, which returns the DEFAULT_PASSWORD_GARBLER by default or the garbler set by User.setGlobalPassWDGarbler(PassWDGarbler pwdg). The global password garbler is also being used when the static method User.garblePassWD(String pwd) is being called. As you can see, there are many ways to garble a password and a method to set a user's password, too: setPassWd(String pwd), setting the password as is, which means you have to garble it first, if you want it to be garbled. Remember, there is no way to retrieve a password once being set, you can only check wether a certain String equals the password, again as is, so a garbled password has to be compared to a garbled String by isPassWd(String query) of the User you are checking on. The password check is being automatically performed by the LogOnForm using the global password garbler. If needed, you may redefine the ok() of it. For more information on the LogOnForm, please refer to Use a LogOnForm.

ToDo:

  1. Garble the password.
  2. Set the password to the User.

Example Source Code:

// retrieve password from dialog
Do no hardcode the password!
 
1
String password = User.garblePassWD( givenPassword);
 
2
user.setPassWd(password);
 
// add user to UserManager
UserManager.getGlobalUM().addUser(user);
Persönliche Werkzeuge