• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

SSO and groups management

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi.

I am using a custom SSO implementation and I would need to assign groups to users (while registering or while logging in), according to my identity repository.

What should I do ?

Yvan

[originally posted on jforum.net by yjanet]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have just seen in the GenericUserDAO that groups may be added by using


I guess I need to implement my own UserDAO to assign the right groups instead of the default one or do I only need to work only with the SSOUtils and add something like this :


(I mean, which way is cleaner ?)
[originally posted on jforum.net by yjanet]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
A lot depends on your application needs. In general, if you have a small number of fairly static groups that you need to map to jForum groups, then handling it in the SSO implementation is fine. Just use the existing DAO structure to add the user to the matching jForum group.

One thing to think about is if you want the SSO system to validate group membership with each call. E.g., removing people from jForum groups when they are removed from the overall application group.

Take a look at the admin UserAction.groupsSave method for details on how to do this. Note that you will also have to deal with the SecurityRepository, e.g. removing the user so that it is refreshed with the new info.

On the other hand, if you have a large number of dynamic application groups that you need to map into jForum groups, then you probably want to look at writing your own DAO implimentations. This lets you populate the user and group entity objects with info from your main application mixed with jForum tables.

Be warned that this is not for the faint of heart. There are a lot of little "fiddly bits" that need understood and planned for.
[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks a lot.

I think I'm going to do it with the current DAO structure, making this more evolvable.
As I already have my SSO module, I think I just have to enhance it a bit.

Yvan
[originally posted on jforum.net by yjanet]
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic