The Jeenius ProfileStore provides a standard interface for performing authorisation and authentication requests. The actual implementation is plugable allowing a wide variety of authorisation and authentication mechinisms to be used.
The following diagram shows the ProfileStore architecture:
 |
Client calls the authentication and authorisation methods on the ProfileStore |
The ProfileStore forwards the calls to the active implementation. |
|
The active ProfileStore implementation handles the calls. Jeenius ships with a file based profile store which stores its data in XML files and a caching profile store which can cache other profile stores to improve their performance. Other profile store implementations can be easily written. |
A client uses the ProfileStoreFactory to get an instance of the active implementation. The following code does this:
import com.mentumgroup.jeenius.profilestore.*; . . . ProfileStore store = ProfileStoreFactory.newInstance().newProfileStore();
The ProfileStoreFactory uses a JVM system property to determine which implementation to use. The property name is com.mentumgroup.jeenius.profilestore.ProfileStoreFactory and it should be set to the fully qualified calss name of the factory class for the required implementation. Other profile store specific parameters may also be passed via the JVM system properties.
The following example shows the FileProfileStore properties being based using the -D option to the JVM:
SET PROFILE_STORE_FACTORY_CLASS=com.mentumgroup.jeenius.profilestore.file.FileProfileStoreFactory SET PROFILE_STORE_FACTORY_SETTINGS=-Dcom.mentumgroup.jeenius.profilestore.file.FileProfileStoreFolder=..\etc\ java -Dcom.mentumgroup.jeenius.profilestore.ProfileStoreFactory=%PROFILE_STORE_FACTORY_CLASS% %PROFILE_STORE_FACTORY_SETTINGS% .....
Most methods on the ProfileStore require a token to be passed to them. This token identifies an authenticated user. The token is created by calling the validateUser() method. This method returns a stringified token which should be held by a client. For example:
// define string to hold token
String token = null;
try
{
// try authenticate the user
token = store.validateUser("bob","password");
}
catch( UserValidationException e)
{
// something went wrong so handle it
. . .
}
To validate a token the validateToken() method can be used. This method returns an updated token which a client should then use from that point on. This allows a profile store to have a rolling token.
The profile store interface implements an authorisation model based on users, roles and resources. A resource is something that a user can have access to for instance a file path or a function in an application. A role groups one or more resources together and a user can be assigned on or more roles. The following digram shows an example of users, roles and resources.
 |
In this diagram we have three resources, two roles and two users. Role A groups Resource A and Resource B. Role B groups Resource B and Resource C. User A is assigned Role A and Role B. User B is only assigned to Role B. This means that User A is authorised to access Resource A, Resource B and Resource C. User B can only access Resource B and Resource C. |
The hasResource() method of the profile store is used to test if the use has access to a specified resource or not. For example:
boolean canDoReport=false;
try
{
canDoReport = store.hasResource(token,"bob","reports.reporta");
}
catch(BadTokenException e)
{
// token is bad so handle error
. . .
}
catch(NotAuthorizedExceptione)
{
// user identified by token is not authorised to call hasResource
. . .
}
catch(NoSuchUserException)
{
// specfied user does not exist
. . .
}
The profile store also provides methods for saving user profile information. For example:
try
{
// set the 'some.property' property to 'some_value' for user 'bob'
store.setUserProperty(token,"bob","some.property","some_value");
// get the value of 'some.property' for user 'bob' with a default of 'default_value'
String value = store.getUserProperty(token,"bob","some.property","default_value");
}
catch(. . .)
{
. . .
}
The ProfileStore factory uses a system property named com.mentumgroup.jeenius.profilestore.ProfileStoreFactory to instantiate the correct profile store for a JVM. This property should be set to the fully qualified class name of a class that implements the ProfileStore interface. This property can be set by passing a -D parameter to the JVM on start up.
Jeenius ships with a file based profile store. This profile store is designed for use with low traffic sites. The class name for the file based profile store is com.mentumgroup.jeenius.profilestore.file.FileProfileStoreFactory. Addtionally the file based profile store requires another system property that points to the properties file for the profile store. This property is com.mentumgroup.jeenius.profilestore.file.FileProfileStoreFolder. For examples of how to set up the file based profile store see the installation section. Example properties and data files can be found in <JEENIUS>\etc.
Jeenius has a shell that allows scripts to be run that interact with a ProfileStore. In <JEENIUS>\bin\ a script named RunShell cane be found. This script starts the shell pointing it at the FileBased profile store that ships with Jeenius. Type help() at the command prompt for more information. Login as superuser with a password of secret to perform any fuctions. The exec() function can be used to execute a script for the shell. The shell uses ECMAScript (JavaScript) as it's scripting language.
The complete documentation for the ProfileStore classes can be found here