getAndValidateUser & isUserValid

ConvertFromOldNGs
Posts: 5321
Joined: Wed Aug 05, 2009 5:19 pm

getAndValidateUser & isUserValid

Postby ConvertFromOldNGs » Fri Aug 07, 2009 12:02 pm

by Iain S. Kerr >> Tue, 24 Apr 2001 2:23:35 GMT

Hi
Can anyone tell me what these methods actually do on an NT Box?

The help system obviously assumes that one knows the answer and therefore understands what to do with them.

I suspect it is going into the NT domain system and checking if the user is there or not?

Am I correct?

Iain S. Kerr


Re: getAndValidateUser & isUserValid

Postby ConvertFromOldNGs » Fri Aug 07, 2009 12:02 pm

by Krull >> Tue, 24 Apr 2001 5:58:47 GMT

Hi Iain,

Do you have access to the JADE object manager guide, which is one of the standard hard-copy JADE manuals? The section on User-Validation support in the JADE Object Manager security section provides a bit of an overview on the purpose and the usage of these methods. The default implementations of these methods don't implement any security whatsoever; they are intended to provide 'security hooks'. You hook into the mechanism by reimplementing the methods in a user sub schema.

If you don't have access to that JOM manual, I can post a copy of the relevant section here.

The default getAndValidateUser method is defined and implemented in the RootSchemaGlobal global class of the Root Schema. On all supported O/Ss, the default implementation simply manufactures a usercode that consists of the login account name suffixed with the operating system process ID, and returns this "manufactured usercode", a null password, and a result of true. On NT it doesn't do any validation against a PDC or local security system.

The default implementation of isUserValid unconditionally returns true.


Re: getAndValidateUser & isUserValid

Postby ConvertFromOldNGs » Fri Aug 07, 2009 12:02 pm

by Iain S. Kerr >> Tue, 24 Apr 2001 4:16:14 GMT

I have read all of that section but still have no clue as to what they are supposed to be for.

I have written my own Security mechanism with Roles and privileges etc., which took me quite some time, but I was just curious in case I missed something important.

Iain


Re: getAndValidateUser & isUserValid

Postby ConvertFromOldNGs » Fri Aug 07, 2009 12:02 pm

by Craig Shearer >> Wed, 25 Apr 2001 20:05:41 GMT

Hi Iain

There are two ways of implementing logon security in JADE:

1. The JADE way, which is what you've discovered with the getAndValidateUser and isUserValid methods
2. The way you've done it, which is to do logon etc. after the application has started - i.e. as a part of the application's normal code. This seems to be the way most people do it.

The JADE way as documented (one could hardly say explained!) in the manuals actually validates the user BEFORE the application starts, which is more secure. There are theoretical holes in doing it the other way - but, I believe, only if you're running a fat client system. I don't believe that thin client has these holes.

I have implemented both systems, and my standard implementation now is to use the JADE methods for user logon etc. But it is harder to write these - for a start, these methods cannot be debugged as they execute before the application (and hence the debugger) starts. A real challenge!

For a more helpful guide to developing these methods, Elizabeth Post's book has some helpful hints.

Best of luck
Craig.
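
A model of the hook behaviour described in Krull's and Craig's replies, added here as an example: it is Python, not JADE code and not taken from the JADE manuals. The class names, `start_application`, the `supplied_password` parameter, the order in which the two hooks are called and the sample user store are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample store: usercode -> (salt, PBKDF2-HMAC-SHA256 digest).
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

USERS = {"iain": (_SALT, _derive("correct horse", _SALT))}

class DefaultHooks:
    """Default behaviour as described in the thread: nothing is checked."""
    def get_and_validate_user(self, login, supplied_password=None):
        # Manufactured usercode: login account name suffixed with the
        # process ID, a null password, and a result of true.
        return f"{login}{os.getpid()}", None, True

    def is_user_valid(self, usercode, password):
        return True  # unconditionally accepts

class CheckedHooks(DefaultHooks):
    """Hypothetical reimplementation that performs real validation."""
    def get_and_validate_user(self, login, supplied_password=None):
        ok = self._check(login, supplied_password)
        return login, supplied_password, ok

    def is_user_valid(self, usercode, password):
        return self._check(usercode, password)

    @staticmethod
    def _check(usercode, password):
        if password is None:
            return False
        # Unknown users still cost one derivation, so timing is uniform.
        salt, expected = USERS.get(usercode, (_SALT, bytes(32)))
        match = hmac.compare_digest(_derive(password, salt), expected)
        return match and usercode in USERS

def start_application(hooks, login, supplied_password=None):
    """Assumed start-up order: both hooks run before any application code."""
    usercode, password, ok = hooks.get_and_validate_user(login, supplied_password)
    if not (ok and hooks.is_user_valid(usercode, password)):
        return None   # fail closed: the application never starts
    return usercode   # identity handed to the application
```

With `DefaultHooks` any login name is admitted, which is why an application that relies on the unmodified hooks has no logon security until they are reimplemented.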

