Code sample - Extending the default PASS command for sign in

The default PASS command rejects passwords for all users but anonymous. I will show how to change this behaviour to allow users to sign in.

Let's assume that the class UserProvider already exists and able to validate usernames and passwords. This class exposes the following method:

public MyUser login(String username, String password);

If a user provides a valid username and password then the method creates a new MyUser object and populates it with some user-specific info, in all other cases this method returns null.

If you open the original PassCommand you will see that it can be easily extended to provide username/password validation mechanism. Let's extend this command:

public class RegPassCommand extends PassCommand {

  protected boolean checkLogin(String username, String password) {
    UserProvider provider =
           (UserProvider) ObjectFactory.getObject("userProvider");

    MyUser user = provider.login(username, passowrd);
    if (user == null) return false;

    Session session = getConnection().getSession();
    session.setAttribute("myUser", user);
    return true;

In this example I am using the static method of the ObjectFatory to get the UserProvider bean which validates supplied usernames and passwords (another option would be to write a setter and pass this provider in your beans.xml file).

If sign in operation is a success, the command saves acquired MyUser object into user's session just in case. The parent PassCommand takes care of sending proper replies back to the user.

The only thing left to do is to insert the UserProvider bean into your beans.xml file so that it will be available through the ObjectFactory and to replace the default PASS command with the new one:

<bean id="userProvider"

<bean id="regPassCommand"

<bean id="commandFactory"
  <constructor-arg index="0">
      <entry key="USER" value="userCommand"/>
      <entry key="PASS" value="regPassCommand"/>
      <entry key="PWD" value="pwdCommand"/>

The first XML defines the UserProvider object (the class that you have to write yourself). The second XML defines a new PASS command named regPassCommand. And the final XML substitutes the value of the PASS key in the command factory with the new regPassCommand. Now if a user inputs PASS then this regPassCommand will be executed.