Trace: • Using DBSecurityManager
User authentication is a common requirement for business applications. Although it is a fairly simple task, implementation is often anything but easy. The more an application has to be integrated into an existing infrastructure, the more complex the implementation can be, e.g., single sign on.
The JVx framework allows the integration of any authentication system. The security manager concept allows the use of a new system at any time.
XmlSecuritymanager and DBSecurityManager have already been implemented. The DBSecurityManager checks a username and password against a user table in the database.
This table can be defined as follows:
- create.sql
CREATE TABLE USERS ( ID INTEGER IDENTITY, USERNAME VARCHAR(255) NOT NULL, PASSWORD VARCHAR(255) NOT NULL, CHANGE_PASSWORD CHAR(1) DEFAULT 'N', VALID_FROM TIMESTAMP, VALID_TO TIMESTAMP, ACTIVE CHAR(1) DEFAULT 'Y', FIRST_NAME VARCHAR(20), LAST_NAME VARCHAR(20), EMAIL VARCHAR(255), PHONE VARCHAR(20), CONSTRAINT USR_PK PRIMARY KEY(ID), CONSTRAINT USR_NAME_UK UNIQUE(USERNAME) )
The config.xml has to be adapted to enable the use of the security manager:
- config.xml
<application> ... <securitymanager> <class>com.sibvisions.rad.server.security.DBSecurityManager</class> <database> <url>jdbc:derby://localhost:1527/demo</url> <username>user</username> <password>pwd</password> </database> </securitymanager> ... </application>
Everything else is handled by JVx:
- Verifying the username
- Verifying the password
- Verifying validity
- Verifying activation
For the implementation of alternative authentication systems, see Implementing the Security Manager.