User management, user authentication, access control, user profiles, user accounts
Anony
I am looking for existing solutions or articles that discuss
user management components for J2EE web applications.
User management:
authentication
user profiles
user registration
creates users / viewing users / deleting users
roles
role based access control
user groups
I have already found these resources:
http://www.opensymphony.com/osuser/
http://www.javaworld.com/javaworld/jw-06-2001/jw-0615-tapestry.html
BEA User management JSP tags
http://edocs.bea.com/wlcs/docs20/p13n/users.htm
http://servlet.java.sun.com/javaone/conf/bofs/1291/google-sf2001.jsp
http://www.javaworld.com/javaworld/jw-04-2000/jw-0428-websecurity.html
JAAS
http://java.sun.com/products/jaas/
AltoWeb application platform
http://www.altoweb.com/products/AWfeatures.html
http://www.imprivata.com/products-centralized.htm
http://www.tivoli.com/products/index/identity-mgr/
http://servlet.java.sun.com/javaone/conf/bofs/1484/google-sf2001.jsp
http://wwws.sun.com/software/product_categories/directory_servers_identity_m
gmt.html
http://wwws.sun.com/software/products/identity_srvr/home_identity.html
IBM Directory Server
http://www-3.ibm.com/software/network/directory/
LDAPManager and UserManager in the book
"Building Java Enterprise Applications volume I: Architecture"
http://www.oreilly.com/catalog/javentappsv1/
Oracle Single Sign On
http://www.oracle.com/ip/deploy/ias/sso/
Orion UserManagement
http://kb.atlassian.com/directory/configuration/usermanagement
http://kb.atlassian.com/content/orionsupport/articles/usermanager.html
Turbine's User interface
org.apache.turbine.om.security.User
X-Steps User Framework
http://www.xsteps.com/english/products/ejbs/userFramework.shtml
http://www.oblix.com/products/netpoint/index.html
Tivoli Access Manager
http://www.tivoli.com/products/index/access-mgr-e-bus/
BEA has these packages:
com.bea.p13n.usermgmt
com.bea.p13n.user
com.bea.p13n.usermgmt.profile
Details at:
http://edocs.bea.com/wlp/docs40/javadoc/wlp/overview-summary.html
How can I programmatically create an
access control list?
The obvious thing is to define a class that
implements java.security.acl.Acl
How can I programmatically create a
group?
I want the group to be persistent.
The OpenSymphony OSUser project is interesting:
http://www.opensymphony.com/osuser/
Resources:
http://java.sun.com/products/jaas/
JAAS package: javax.security.auth
Access control list package: java.security.acl
Classes:
javax.security.auth.Subject
java.security.Principal
java.security.acl.Owner
java.security.acl.Acl
java.security.acl.AclEntry
java.security.acl.Group
http://www.opensymphony.com/osuser/
http://www.opensymphony.com/osaccess/
BEA has a document that discusses
security management in Weblogic 7.0
http://edocs.bea.com/wls/docs70/secmanage/index.html
The document discusses: roles, users, groups,
and security policies.On the topic of "user management", these
are operations that I need in my apps:
1) password expiration policy
2) enforcement of a "strong password" policy
3) account expiration policy
4) email address verification ( activating
an account via a URL in a email message )
5) allowing a user to change his/her own password
6) allowing a user to recover a forgotten password
7) allowing an administrator to reset a user's password8) account
suspension9) password management policy (password quality, etc)
abombss
but Turbine is the framework that I use.
abombss