User management, user authentication, access control, user profiles, user accounts

[Anony]

I am looking for existing solutions or articles that discuss
user management components for J2EE web applications.

User management:

authentication
user profiles
user registration
creates users / viewing users / deleting users
roles
role based access control
user groups

I have already found these resources:

http://www.opensymphony.com/osuser/

http://www.javaworld.com/javaworld/jw-06-2001/jw-0615-tapestry.html

BEA User management JSP tags
http://edocs.bea.com/wlcs/docs20/p13n/users.htm

http://servlet.java.sun.com/javaone/conf/bofs/1291/google-sf2001.jsp

http://www.javaworld.com/javaworld/jw-04-2000/jw-0428-websecurity.html

JAAS
http://java.sun.com/products/jaas/

AltoWeb application platform
http://www.altoweb.com/products/AWfeatures.html

http://www.imprivata.com/products-centralized.htm

http://www.openldap.org/

http://www.tivoli.com/products/index/identity-mgr/

http://www.passport.com/

http://servlet.java.sun.com/javaone/conf/bofs/1484/google-sf2001.jsp

http://www.netegrity.com/

http://wwws.sun.com/software/product_categories/directory_servers_identity_m
gmt.html

http://wwws.sun.com/software/products/identity_srvr/home_identity.html

IBM Directory Server
http://www-3.ibm.com/software/network/directory/

LDAPManager and UserManager in the book
"Building Java Enterprise Applications volume I: Architecture"
http://www.oreilly.com/catalog/javentappsv1/

Oracle Single Sign On
http://www.oracle.com/ip/deploy/ias/sso/

Orion UserManagement
http://kb.atlassian.com/directory/configuration/usermanagement
http://kb.atlassian.com/content/orionsupport/articles/usermanager.html

Turbine's User interface
org.apache.turbine.om.security.User

X-Steps User Framework
http://www.xsteps.com/english/products/ejbs/userFramework.shtml

http://www.oblix.com/products/netpoint/index.html

Tivoli Access Manager
http://www.tivoli.com/products/index/access-mgr-e-bus/

BEA has these packages:

com.bea.p13n.usermgmt
com.bea.p13n.user
com.bea.p13n.usermgmt.profile

Details at:

http://edocs.bea.com/wlp/docs40/javadoc/wlp/overview-summary.html

How can I programmatically create an
access control list?

The obvious thing is to define a class that
implements java.security.acl.Acl

How can I programmatically create a
group?

I want the group to be persistent.

The OpenSymphony OSUser project is interesting:

http://www.opensymphony.com/osuser/

Resources:

http://java.sun.com/products/jaas/

JAAS package: javax.security.auth

Access control list package: java.security.acl

Classes:

javax.security.auth.Subject

java.security.Principal

java.security.acl.Owner

java.security.acl.Acl

java.security.acl.AclEntry

java.security.acl.Group

http://www.opensymphony.com/osuser/

http://www.opensymphony.com/osaccess/

BEA has a document that discusses
security management in Weblogic 7.0

http://edocs.bea.com/wls/docs70/secmanage/index.html

The document discusses: roles, users, groups,
and security policies.On the topic of "user management", these
are operations that I need in my apps:

1) password expiration policy
2) enforcement of a "strong password" policy
3) account expiration policy
4) email address verification ( activating
an account via a URL in a email message )
5) allowing a user to change his/her own password
6) allowing a user to recover a forgotten password
7) allowing an administrator to reset a user's password8) account
suspension9) password management policy (password quality, etc)

[abombss]

It seems like you have some good stuff, I know it is already on your list,
but Turbine is the framework that I use.

abombss