Business Logic, Part 2
Getting To It
You're now ready to look at the code that composes the UserManager component, and everything will become crystal clear. As always, I start with the remote interface. This is very similar to the OfficeManager interface in the standard methods that it provides for working with Forethought users. However, as users are a bit different than other Forethought entities, you will notice a few extra methods, as shown in the code listing in Example 8-4. In addition to providing two flavors of user creation (one with an office, and one without), there are methods to authenticate a user and to change a user's password. Both of these deal specifically with the authentication credentials of a user, and are common tasks in any application in which security is used. Of course, these are fairly trivial "pass-through" style methods, in which calls are made to the LDAPManager component to achieve the requested result.
Example 8-4: The UserManager Remote Interface
package com.forethought.ejb.user;
import java.rmi.RemoteException;
import javax.ejb.EJBObject;
// Office bean
import com.forethought.ejb.office.OfficeInfo;
// UserType bean
import com.forethought.ejb.userType.UnknownUserTypeException;
// LDAPManager component
import com.forethought.ldap.UserNotFoundException;
public interface UserManager extends EJBObject {
public UserInfo get(String username) throws RemoteException;
public UserInfo add(String username, String password,
String firstName, String lastName,
String userType)
throws RemoteException, UnknownUserTypeException;
public UserInfo add(String username, String password,
String firstName, String lastName,
String userType, OfficeInfo officeInfo)
throws RemoteException, UnknownUserTypeException;
public void update(UserInfo userInfo)
throws RemoteException, UnknownUserTypeException;
public boolean setPassword(String username, String oldPassword,
String newPassword)
throws RemoteException, UserNotFoundException;
public boolean authenticate(String username, String password)
throws RemoteException, UserNotFoundException;
public boolean delete(String username) throws RemoteException;
public boolean delete(UserInfo userInfo) throws RemoteException;
}
Example 8-5 shows the home interface for the UserManager component.
Example 8-5: The UserManager Home Interface
package com.forethought.ejb.user;
import java.rmi.RemoteException;
import javax.ejb.CreateException;
import javax.ejb.EJBHome;
public interface UserManagerHome extends EJBHome {
public UserManager create( ) throws
CreateException, RemoteException;
}
Note that several of these methods throw a UserNotFoundException; I mentioned this class and its use in Chapter 7. However, I left the details of putting the class into use in the LDAPManager component to you, as an exercise. Here's my modified version of the isValidUser( ) method on that class, which issues this exception if authentication is attempted with a nonexistent username:
public boolean isValidUser(String username, String password)
throws UserNotFoundException {
try {
DirContext context =
getInitialContext(hostname, port, getUserDN(username),
password);
return true;
} catch (NamingException e) {
// See if this was a missing user
if (e instanceof javax.naming.AuthenticationException) {
javax.naming.AuthenticationException ae =
(javax.naming.AuthenticationException)e;
if (ae.getResolvedObj( ) == null) {
throw new UserNotFoundException(username);
}
}
// Any error indicates couldn't log user in
return false;
}
}
There are certainly other ways to handle this problem that return the same result, but this was the simplest I found. Since users with invalid passwords will have related resolved objects, a test against null determines if the authentication problem was in the supplied password or the supplied username. You should make an equivalent change in your own LDAPManager component before coding the UserManager's implementation class.