Getting started with the user management
Posted by Giampiero Granatella
on 29th January, 2010
This is the first tutorial of the user management series in Portofino. Any real information system has users and permissions. Users are the real people who will access the system's data. Permissions are the set of rules that determine who may access which data. Overall, this is called user management. In this tutorial we are going to model users in Portofino and configure portofino-custom.properties to activate them.
Since version 3.0, Portofino adds new functionality in this area, including more detailed profiles, more flexible authentication and improved communication through automatic emails.
Creating the data model
Managing users and authentication requires a data model. At the very least, we should have a class to store user credentials (username and password). Also, groups and group membership should be stored somewhere.
We could start modeling such classes from scratch, but to make life easier, Portofino can create a predefined model at the press of a button. Specifically, you have to do the following steps:
- go upstairs,
- click on the "Meta user groups" tab,
- click on "create user model" link.
Portofino takes you to a page where it points out the operations it performs.
Portofino created the following classes:
- "User", to store user credentials (login, password and email attributes) and user life-cycle information (state, creation date, etc.).
- "UserGrp" and "User_UserGrp" classes, to store Portofino groups and to associate them to users.
- "OldPwd", to store old passwords and avoid password reuse.
- "EmailQueue", to store the outgoing email queue.
And it sets the permissions on these so that, for example, a user cannot modify another user's profile unless he is an administrator.
Portofino creates the default user "admin" with password "admin" and the default groups: "Users" and "User administrators".
Since 3.0, for greater security, passwords are saved encrypted in the database.
Class listeners
Class listeners are an advanced feature. This section is for expert Portofino users. If you click on the "Classes" tab and inspect the newly created model, in the class "User" you'll find two class listeners:
- "add to User group", used to automatically associate a user to the "User" group
- "check email and login", used to avoid duplication of login or email for different users.
Configuration
Once you've created the user data model, you still have to configure the system to use it properly. Locate the portofino-custom.properties file you used during the installation and follow the instructions below.
Enabling user management parameters
Add or edit the following line:
model.users.enabled=true
As an optional configuration you may want to disable anonymous access to the system:
model.users.anonymous.enabled=false
This will force users to log onto the system before they can start using it.
Save the file, then restart the application server to make the changes effective.
Security parameters
Since 3.0 Portofino has a new set of parameters to configure the desired level of security.
Some parameters set the password strength and the account usage properties. For example we could set:
model.users.pwd.minlength=6
model.users.pwd.expiry.days=60
model.users.pwd.keep.old.number=2
model.users.pwd.attempts.maxnumber=3
model.users.pwd.inactivity.maxdays=30
With these parameters we'll have passwords that:
- have at least six characters,
- expire after 60 days (afterwards users have to change them),
- cannot be the same as the user's previous two passwords (in this way, passwords are not reused too frequently).
Moreover, a user's account is suspended if:
- the user enters a wrong password three times in a row during login, or
- the user doesn't log in for more than 30 days.
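As an added illustration (not Portofino's own code), here is a small Python model of what these five properties mean when applied to one account: it parses the properties as written above, then enforces the length, reuse, expiry, lockout and inactivity rules on password changes and logins. The Account and PasswordPolicy classes, the property parser and the SHA-256 stand-in digest are assumptions made for the example; Portofino's real schema and password storage format are not shown on this page.

```python
import hashlib
from datetime import date

# Constructed properties text using the values from this tutorial.
PROPS_TEXT = """
model.users.pwd.minlength=6
model.users.pwd.expiry.days=60
model.users.pwd.keep.old.number=2
model.users.pwd.attempts.maxnumber=3
model.users.pwd.inactivity.maxdays=30
"""

def parse_properties(text):
    """Minimal key=value parser; blank lines and '#'/'!' comment lines are skipped."""
    pairs = (l.partition("=") for l in map(str.strip, text.splitlines()) if l and not l.startswith(("#", "!")))
    return {k.strip(): v.strip() for k, _, v in pairs}

def digest(pwd):
    """Stand-in one-way digest (hypothetical, not Portofino's storage format)."""
    return hashlib.sha256(pwd.encode()).hexdigest()

class Account:
    def __init__(self, pwd, pwd_set_on, last_login):  # dates as ISO strings
        self.pwd_hash, self.old_hashes, self.failed_attempts, self.suspended = digest(pwd), [], 0, False
        self.pwd_set_on, self.last_login = map(date.fromisoformat, (pwd_set_on, last_login))

class PasswordPolicy:
    def __init__(self, props):
        self.limit = lambda k: int(props["model.users.pwd." + k])  # e.g. limit("minlength")
    def change_password(self, acct, new_pwd, today):
        """Return None if accepted, else why the policy rejects the new password."""
        if len(new_pwd) < self.limit("minlength"):
            return "too short"
        if digest(new_pwd) in [acct.pwd_hash] + acct.old_hashes:  # current + kept old ones (assumed)
            return "reused"
        acct.old_hashes = ([acct.pwd_hash] + acct.old_hashes)[: self.limit("keep.old.number")]
        acct.pwd_hash, acct.pwd_set_on = digest(new_pwd), date.fromisoformat(today)
        return None
    def login(self, acct, pwd, today):
        """Return 'ok', 'expired' (must change password), 'bad password' or 'suspended'."""
        today = date.fromisoformat(today)
        if (today - acct.last_login).days > self.limit("inactivity.maxdays"):
            acct.suspended = True  # no login for more than inactivity.maxdays
        if acct.suspended:
            return "suspended"
        if digest(pwd) != acct.pwd_hash:
            acct.failed_attempts += 1
            acct.suspended = acct.failed_attempts >= self.limit("attempts.maxnumber")
            return "suspended" if acct.suspended else "bad password"
        acct.failed_attempts, acct.last_login = 0, today
        return "expired" if (today - acct.pwd_set_on).days > self.limit("expiry.days") else "ok"
```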
Email parameters
Portofino uses email to send automatic notifications to users. For example let's configure Portofino for an email account on Gmail.
mail.smtp.host=smtp.gmail.com
mail.smtp.port=465
mail.smtp.login=your_account@gmail.com
mail.smtp.password=your_password
mail.smtp.ssl.enabled=true
mail.sender=your_account@gmail.com
Notice that we've chosen this example because Gmail uses SSL and an unusual port number. You can and should customize these settings for your specific account.
Enabled functionality
With the portofino-custom.properties we have just created, we have enabled a considerable set of functionality (see the complete list in the reference). This includes:
For users:
- login/logout
- Change password
- Password recovery
For administrators:
- Insert User
- Manage user state
- Reset password
- Users and groups
For now, you can experiment with the functionality on your own.
Further reading
Read the next tutorial "Basic use cases for User Management".
As further reading I suggest:
- The reference pages about User Management and Permissions,
- Single Sign On and the Josso tutorial to set up a Single Sign-On infrastructure.