How to configure server-side authentication in CDO 3.0 or above?

Standalone CDO servers are configured using the cdo-server.xml configuration file, as explained on the CDO Wik开发者_运维技巧i. A separate wiki page has further information about configuring server-side CDO/Net4j authentication, but it is outdated as of version 3.0, as noted on the page:

[...] Note that in CDO 3.0 we have an additional, superior athentication mechanism per CDOSession (not only on Net4j IConnector level). [...]

Neither new authentication mechanism, nor its usage are explained. How do I configure server-side authentication in CDO 3.0 or above?

The new authentication mechanism introduced in CDO 3.0 is configured using the userManager element in your cdo-server.xml, for example:

<repository name="MyRepo">
    <userManager type="file" description="absolute-path-to-users-file"/>  
    ...
</repository>

The above example is using the built-in FileUserManager, which has a factory registered with the type "file". This user manager implementation authenticates users against a list of usernames and passwords stored in a flat file at the location specified in the description attribute. This file should contain the users and their passwords in the following format:

user1:pwd1
user2:pwd2

Some background on implementing you own UserManager and how this configuration mechanism was implemented is available in the Eclipse Bugzilla issue Allow configuration of authentication in cdo-server.xml.