HowTos User Management

From Salespoint

(Difference between revisions)
(Add an ActionCapability to an User)
(Add an ActionCapability to a User)
 
(The revision comparison includes 5 intermediate revisions.)
Zeile 1: Zeile 1:
 +
__TOC__
===Use the UserManager===
===Use the UserManager===
Zeile 25: Zeile 26:
     }
     }
-
     public void init()
+
     public void initializeData()
     {
     {
         3
         3
Zeile 34: Zeile 35:
</code>
</code>
-
===Add an ActionCapability to an User===
+
===Add an ActionCapability to a User===
'''Description:'''
'''Description:'''
-
A Capability is used to guard Actions of an application or, and that´s the way it works, to decide wether a User is allowed to do the Action or not.
+
A Capability is used to guard Actions of an application or, and thats the way it works, to decide whether a User is allowed to do the Action (or not).
'''ToDo:'''
'''ToDo:'''
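Review bot: the new Description line drops the apostrophe, so "thats the way it works" should read "that's the way it works". The "(or not)" after "whether" is redundant and can go, and the sentence would read better without the "or, and ..., to decide" detour, for example "A Capability guards an Action by deciding whether a User is allowed to perform it."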
Zeile 50: Zeile 51:
'''Example Source Code:'''
'''Example Source Code:'''
<code java>
<code java>
-
  // create an User
+
  // create a User
         User user = new User("Dolores");
         User user = new User("Dolores");
Zeile 82: Zeile 83:
'''Description:'''
'''Description:'''
-
In order to provide password security in transactions of User data, the password of a User should be garbled. Therefor the framework provides the interface users.PassWDGarbler, which is implemented in the static User.DEFAULT_PASSWORD_GARBLER and encodes the password with the MD5 algorithm. You may feel free to define your own password garbler and use it.
+
In order to provide password security in transactions of User data, the password of a User should be garbled. Therefore the framework provides the interface users.PassWDGarbler, which is implemented in the static User.DEFAULT_PASSWORD_GARBLER and encodes the password with the MD5 hashing algorithm. You may feel free to define your own password garbler and use it.
 +
 
To get hold of it, you may use the static Field or the static method User.getGlobalPassWDGarbler, which returns the DEFAULT_PASSWORD_GARBLER by default or the garbler set by User.setGlobalPassWDGarbler(PassWDGarbler pwdg). The global password garbler is also being used when the static method User.garblePassWD(String pwd) is being called.
To get hold of it, you may use the static Field or the static method User.getGlobalPassWDGarbler, which returns the DEFAULT_PASSWORD_GARBLER by default or the garbler set by User.setGlobalPassWDGarbler(PassWDGarbler pwdg). The global password garbler is also being used when the static method User.garblePassWD(String pwd) is being called.
-
As you can see, there are many ways to garble a password and a method to set a user's password, too: setPassWd(String pwd), setting the password as is, which means you have to garble it first, if you want it to be garbled. Remember, there is no way to retrieve a password once being set, you can only check wether a certain String equals the password, again as is, so a garbled password has to be compared to a garbled String by isPassWd(String query) of the User you are checking on.
+
 
 +
As you can see, there are many ways to garble a password and a method to set a user's password, too: setPassWd(String pwd), setting the password as is, which means you have to garble it first, if you want it to be garbled. Remember, there is no way to retrieve a password once being set, you can only check whether a certain String equals the password, again as is, so a garbled password has to be compared to a garbled String by isPassWd(String query) of the User you are checking on.
 +
 
The password check is being automatically performed by the LogOnForm using the global password garbler. If needed, you may redefine the ok() of it. For more information on the LogOnForm, please refer to [[HowTos_Display#Use_a_LogOnForm|Use a LogOnForm]].  
The password check is being automatically performed by the LogOnForm using the global password garbler. If needed, you may redefine the ok() of it. For more information on the LogOnForm, please refer to [[HowTos_Display#Use_a_LogOnForm|Use a LogOnForm]].  
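Review bot: the revised first paragraph still presents MD5 as what provides "password security" while only adding the word "hashing". MD5 is a fast general-purpose hash and is not suitable for protecting stored passwords, so the paragraph should say that the default is kept for compatibility and point readers to User.setGlobalPassWDGarbler(PassWDGarbler pwdg) for installing a stronger garbler. The third paragraph could also be split into two sentences at "Remember, there is no way ...", since the setPassWd and isPassWd points are separate.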
Zeile 95: Zeile 99:
<code java>
<code java>
         // retrieve password from dialog
         // retrieve password from dialog
-
         Do no hardcode the password!
+
         // do not hardcode the password!
         1
         1
-
         String password = User.garblePassWD( givenPassword);
+
         String password = User.garblePassWD(givenPassword);
         2
         2

Current revision as of 23:21, 14 Oct. 2010

Use the UserManager

Description: The UserManager is an administration tool with a wide range of functionality. First of all, you can store Users in it with all necessary information, including their passwords, which you can garble (make unreadable). By assigning Users certain Capabilities you can protect any Action of your application from unauthorized access, and so administer customers and employees with a single UserManager.

ToDo:

  1. Make an instance of UserManager in your Shop class.
  2. Set the instance as global UserManager.
  3. If you want to add a User, get the global UserManager and add the User to it.

Example Source Code:

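    import sale.Shop;
    import users.User;
    import users.UserManager;

    public class UserShop extends Shop
    {
        public UserShop()
        {
            super();
            // 1. make an instance of UserManager
            UserManager userManager = new UserManager();

            // 2. set the instance as global UserManager
            UserManager.setInstance(userManager);
        }

        public void initializeData()
        {
            // 3. get the global UserManager and add the User to it
            User user = new User("Dolores");
            UserManager.getInstance().addUser(user);
        }
    }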

Add an ActionCapability to a User

Description: A Capability is used to guard Actions of an application: it decides whether a User is allowed to perform the Action.

ToDo:

  1. Instantiate a new ActionCapability with
    • its name
    • the text that should be shown in case of an access denial
    • the action that is guarded by the Capability
    • true or false for the Capability to be set as granted or not
  2. Add the Capability to the User.

Example Source Code:

    // create a User
    User user = new User("Dolores");

    // 1. instantiate a new ActionCapability
    ActionCapability capAction = new ActionCapability(
            // name of the capability
            "CapabilityName",
            // access denied text
            "Access denied text",
            // guarded action
            new UserCustomAction(),
            // grant access
            true);
    // set the DisplayNameResourceBundle so the CapabilityCheckBox can be labeled
    ActionCapability.setDisplayNameResourceBundleName("MyResourceBundle");

    // 2. add the Capability to the User
    user.setCapability(capAction);
    // add user to UserManager
    UserManager.getInstance().addUser(user);

    // create an ordinary User
    User noAccessUser = new User("Dummy");

    // 2. assign the capability seen above, but set to false (-> access denied)
    noAccessUser.setCapability(capAction.getToggled());
    UserManager.getInstance().addUser(noAccessUser);

Garble a User's password

Description: In order to provide password security in transactions of User data, the password of a User should be garbled. For this the framework provides the interface users.PassWDGarbler. Its implementation in the static User.DEFAULT_PASSWORD_GARBLER encodes the password with the MD5 hashing algorithm. You are free to define and use your own password garbler.

To get hold of the garbler, you may use the static field or the static method User.getGlobalPassWDGarbler, which returns DEFAULT_PASSWORD_GARBLER by default or the garbler set by User.setGlobalPassWDGarbler(PassWDGarbler pwdg). The global password garbler is also used when the static method User.garblePassWD(String pwd) is called.

As you can see, there are several ways to garble a password. There is also a method to set a user's password: setPassWd(String pwd). It sets the password as is, which means you have to garble it first if you want it to be garbled. Remember that there is no way to retrieve a password once it has been set. You can only check whether a certain String equals the password with isPassWd(String query) of the User you are checking on. That comparison is again made as is, so a garbled password has to be compared to a garbled String.

The password check is performed automatically by the LogOnForm using the global password garbler. If needed, you may redefine its ok() method. For more information on the LogOnForm, please refer to Use a LogOnForm.

ToDo:

  1. Garble the password.
  2. Set the password to the User.

Example Source Code:

    // retrieve password from dialog
    // do not hardcode the password!

    // 1. garble the password
    String password = User.garblePassWD(givenPassword);

    // 2. set the password to the User
    user.setPassWd(password);

    // add user to UserManager
    UserManager.getGlobalUM().addUser(user);
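
The description above says you may define your own password garbler. The following is an added example, not part of the original page or the framework's code, of a replacement for the MD5 default based on PBKDF2. Because a garbler only sees the password and isPassWd compares garbled Strings as is, the output must be deterministic, so the example uses one application-wide salt. The nested PassWDGarbler interface is a stand-in whose method signature is an assumption modelled on User.garblePassWD(String pwd); the salt, iteration count and sample passwords are constructed values.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class GarblerExample {

    // Stand-in for users.PassWDGarbler so the example compiles without the
    // framework; the method signature is an assumption.
    interface PassWDGarbler {
        String garblePassWD(String pwd);
    }

    // Deterministic PBKDF2 garbler: the same password always yields the same
    // String, which the as-is comparison in isPassWd requires.
    static final class Pbkdf2Garbler implements PassWDGarbler {
        // Application-wide salt (constructed sample value).
        private static final byte[] APP_SALT =
                "example-shop-salt-v1".getBytes(StandardCharsets.UTF_8);
        // Work factor; tune it for your hardware.
        private static final int ITERATIONS = 600_000;
        private static final int KEY_BITS = 256;

        @Override
        public String garblePassWD(String pwd) {
            PBEKeySpec spec =
                    new PBEKeySpec(pwd.toCharArray(), APP_SALT, ITERATIONS, KEY_BITS);
            try {
                byte[] hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                        .generateSecret(spec).getEncoded();
                return Base64.getEncoder().encodeToString(hash);
            } catch (GeneralSecurityException e) {
                throw new IllegalStateException("PBKDF2WithHmacSHA256 unavailable", e);
            } finally {
                spec.clearPassword(); // wipe the password copy held by the spec
            }
        }
    }

    public static void main(String[] args) {
        PassWDGarbler garbler = new Pbkdf2Garbler();
        // With the framework on the classpath: User.setGlobalPassWDGarbler(garbler);
        String stored = garbler.garblePassWD("constructed-sample-password");
        // The check isPassWd performs: garbled query against garbled stored value.
        System.out.println(stored.equals(garbler.garblePassWD("constructed-sample-password")));
        System.out.println(stored.equals(garbler.garblePassWD("wrong-guess")));
    }
}
```

Passwords garbled with the previous garbler no longer match once the global garbler is replaced, so existing Users need their passwords set again.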