...
So that it can stand alone without an external user repository, Roller stores
user and role information in its own database tables.

```sql
create table rolleruser (
    id varchar(48) not null primary key,
    username varchar(255) not null,
    passphrase varchar(255) not null,
    screenname varchar(255) not null,
    fullname varchar(255) not null,
    emailaddress varchar(255) not null,
    activationcode varchar(48),
    datecreated timestamp not null,
    locale varchar(20),
    timezone varchar(50),
    isenabled boolean not null
);

create table userrole (
    id varchar(48) not null primary key,
    rolename varchar(255) not null,
    username varchar(255) not null,
    userid varchar(48) not null
);
```
There are two distinct roles:
...
Reduce the User class down to just two fields, id and username. Everything
else goes into a new UserProfile class. UserProfiles can be stored externally,
so Roller should obtain them through a new User Repository API.

User Repository API, part 1/2:

```java
// UserRepository interface
public interface UserRepository {
    public UserProfile getUserProfile(String userid);
    public void saveUserProfile(UserProfile userProfile);
}

// UserProfile bean properties:
//   username, password, screenName, emailAddress, locale, timezone, biography, etc.
```
Roller authentication is managed via Acegi.
...
These rules in Acegi's configuration file (security.xml) govern the URI-based
authorization used in Roller.

```text
/roller-ui/login-redirect**=admin,editor
/roller-ui/profile**=admin,editor
/roller-ui/createWeblog**=admin,editor
/roller-ui/menu**=admin,editor
/roller-ui/authoring/**=admin,editor
/roller-ui/admin/**=admin
/rewrite-status*=admin
```
The Problem? There's no problem here. When operating without Acegi, Roller will
have to be configured with a web.xml file that specifies those constraints.
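As an added illustration (not from this page or the Roller project), here is how two of the Acegi rules above translate into servlet security-constraints in web.xml. The role names admin and editor come from the page; the web-resource-name values are made up, and the URL set covered is assumed to be only what the Acegi rules list.

```xml
<!-- Added example, not Roller's own web.xml. Servlet url-patterns allow only
     an exact path, a "/prefix/*" prefix or a "*.ext" suffix, so Acegi's
     "/roller-ui/admin/**" maps cleanly to "/roller-ui/admin/*", while a rule
     such as "/roller-ui/menu**" needs an exact entry plus "/roller-ui/menu/*"
     and still does not match e.g. "/roller-ui/menuXYZ"; verify the mapping
     against the URLs the application actually serves. No <http-method> is
     listed in either constraint, so every HTTP method is covered. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Roller admin UI (assumed name)</web-resource-name>
    <url-pattern>/roller-ui/admin/*</url-pattern>
    <url-pattern>/rewrite-status</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- admin only, matching "/roller-ui/admin/**=admin" -->
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Roller authoring UI (assumed name)</web-resource-name>
    <url-pattern>/roller-ui/authoring/*</url-pattern>
    <url-pattern>/roller-ui/menu</url-pattern>
    <url-pattern>/roller-ui/menu/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- either role, matching "...=admin,editor" -->
    <role-name>admin</role-name>
    <role-name>editor</role-name>
  </auth-constraint>
</security-constraint>

<!-- Both roles must be declared, or the container rejects the constraint. -->
<security-role>
  <role-name>admin</role-name>
</security-role>
<security-role>
  <role-name>editor</role-name>
</security-role>
```

The remaining admin,editor rules (login-redirect, profile, createWeblog) follow the same exact-plus-prefix pattern as the menu entry.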
...
The RollerSession provides access to the session's authenticated user:

```java
public User getAuthenticatedUser()
```
The User object provides read/write access to the user's roles:

```java
public boolean hasRole(String roleName)
public void grantRole(String roleName)
public Set getRoles()
```
As of Roller 4.0, Roller calls hasRole() for one reason, to ensure that only
those with the admin role can:
...
UserManager interface methods:

```java
public boolean isUserInRole(String username)
public Set<String> getUserRoles(String username)
public void revokeRole(String userid, String rolename)
public void grantRole(String userid, String rolename)
```

And instead of calling role-related methods on the user object, Roller code
should use either request.isUserInRole() or the isUserInRole() method provided
by the UserManager.
...
UserRepository interface methods:

```java
public boolean isUserInRole(String username)
public Set<String> getUserRoles(String username)
public void revokeRole(String userid, String rolename)
public void grantRole(String userid, String rolename)
```
Roller will include a User Repository API implementation that stores its data in
the Roller database. Other implementations can be plugged in via dependency
injection (DI).
...