The Carbon Java Framework  

The Carbon User Security Module

Carbon User Manager Module Design

Printer Friendly Version

Author: Jordan Reed (jreed at sapient.com)
Version:
Created:

Overview

Purpose

This document describes the User Management API. This API provides an implementation generic way of managing collections of users, credentials and groups and associations between them. It solves the problem of managing user stores independent of the store implementation because in the J2SE/J2EE model it is left up to implementation specific tools to manage the store.

The only redementary authentication and authorization service is provided. Applications and application servers provide their own interface for authenticating and authorization a user. Adapter classes must be built for specific applications and application servers to allow them to connect against this service. Depending on the user store, many application servers may have prebuilt auth services (such as LDAP).

Who needs it and why

All applications which require the ability to manipulate the user store. This includes actions such as adding/removing a user or group and associating a user to a group. It provides an implementation view into the user store (RDBMS or LDAP or other).

Dependencies

The generic interface has no dependencies. Various implementations may depends on other services.

Standard Usage

Provided Implementations

For detailed documentation on the configuration and use of various implementations please see:

Component Configuration

Configuration of this component is dependent on the different implementations. Please look at the usage documentation for the specific user stores to see how to properly configure a component.

Code Example

/**
 * Example code on how to use the user manager service
 */

public static final String STANDARD_RDBMS_USERMANAGER =
    "/security/management/test/RdbmsUserManager";

UserManager userManager =
    (UserManager) Lookup.getInstance().fetchComponent(STANDARD_RDBMS_USERMANAGER);

Principal user = userManager.createUser("username", "password");
userManager.updateCredential(user, "newpassword");
Group group = userManager.createGroup("groupname");
userManager.addPrincipalToGroup(user, group);
userManager.removePrincipalFromGroup(user, group);
userManager.removeUser(user);
userManager.removeGroup(group);

JMX Usage

JMX Adapter Overview

Provided as an additional service is a JMX Adapter service. This service wraps the functionality of the standard User Service with methods that take simple object parameters. This allows management of the user store through JMX consoles.

JMX Adapter Configuration

JMX Configuration has only a single value to reference a UserManager service.

<Configuration ConfigurationInterface="org.sape.carbon.services.security.management.UserManagerJmxAdapterConfiguration">
    <FunctionalInterface>
      org.sape.carbon.services.security.management.UserManagerJmxAdapter
    </FunctionalInterface>
    <FunctionalImplementationClass>
      org.sape.carbon.services.security.management.DefaultUserManagerJmxAdapterImpl
    </FunctionalImplementationClass>

    <UserManager>ref:///security/management/test/RdbmsUserManager</UserManager>
</Configuration>

Copyright © 2001-2003, Sapient Corporation