Solved

getUserPrincipal query in jsp

Posted on 2010-09-14
8
1,793 Views
Last Modified: 2012-05-10
Hello
I'm trying to implement single sign on jsp where in the jsp should retrive the details of the user(username & password) logged into the machine.I'm using the jsp code below
the web.xml has security roles configured already


-------------------------------------------
<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>

<%@page import="javax.security.auth.callback.*,javax.security.auth.*,java.util.*,java.security.*,java.io.*,java.net.*,java.text.*,javax.servlet.http.*"%>

<%

Principal userPrincipal = request.getUserPrincipal();
String username=weblogic.security.SubjectUtils.getUsername(weblogic.security.Security.getCurrentSubject());
out.println("Logged in user >>>>> " + " " + username +"<br>");
CallbackHandler handler = new weblogic.security.SimpleCallbackHandler("xyz","uuu");
Subject mySubject = weblogic.security.services.Authentication.login(handler);
weblogic.servlet.security.ServletAuthentication.runAs(mySubject, request);
out.println("Principal " + " " + request.getUserPrincipal()+"<br>");

%>

but when I run this jsp , the principal is displayed as null for the first time and when I refresh the page it comes back with the user principal..can I know how it can retrive it in first place when I access this page..
I would also want to know how I can replace the hardcoded username & password values with something dynamic so it can use them
CallbackHandler handler = new weblogic.security.SimpleCallbackHandler("xyz","uuu");

thanks
0
Comment
Question by:kalyandm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 27

Expert Comment

by:mrcoffee365
ID: 33674386
request.getUserPrincipal will always work.  Your problem is probably with the weblogic.security.SubjectUtils.getUsername call.

If you use this line, you'll get the username:

String username = userPrincipal.getName();

0
 

Author Comment

by:kalyandm
ID: 33693291
Hello
I tried userPrincipal.getName() but the very first time it returns null and subsequently returns the principal correctly.since this is the first jsp page that is accessed I would want to be able to get the username first time itself..please suggest
0
 
LVL 27

Expert Comment

by:mrcoffee365
ID: 33694313
If the person is not logged in, then there won't be a username.  There's nothing you can do about that.

The username can only be found once the user logs in.  Where were you thinking you would get the username if the person is not logged in?  Were you thinking it would be in the cookie or in a parameter?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:kalyandm
ID: 33699243
The user is logged in via the machine and within weblogic the security constraints are configured and a user group created , the sso configuration using kerberos with active directoy is setup.So when user logs into the machine to access the jsp the username should be available I thought ..is it not the case?

thanks
0
 
LVL 27

Expert Comment

by:mrcoffee365
ID: 33699324
It is not the case.  The servlet container has to know about the login.  Don't users have to log in to see your page?  

If users do not have to login, then you must have an action which automatically logs them in from the servlet container perspective.  Your calls to weblogic.security.services.Authentication.login and weblogic.servlet.security.ServletAuthentication.runAs are supposed to do that for you.  Do you see the user logged in after the runAs?
0
 

Author Comment

by:kalyandm
ID: 33699352
the users don't have a login page..The idea is that the sso principle where the user logs into the machine should be used to go into the application.

regarding your second question..

yes I do but for the first time it comes back as null and after i refresh the page it comes back with the correct user.I can assure you that the authentication part is fine becoz if I put any user that doesn't exist in the system it comes back with an error which is how it should be.It should take the user I supplied in weblogic.security.services.Authentication.login(handler);
 and then validate it agaianst weblogic configured group..this aprt is working fine ..my doubt is how do I get the username/password that I need to pass onto
weblogic.servlet.security.ServletAuthentication.runAs if that is possible

thanks
0
 
LVL 27

Accepted Solution

by:
mrcoffee365 earned 250 total points
ID: 33711724
In your example above, your user is not logged in until you have the hardcoded username and password.  You have to collect the username and password from the user to use this scheme.  It is unlikely that you can get the password from the weblogic environment anyway - the code you're using is for the case where you have decided to write your own login page, and you are handing the username and password to the weblogic security system.

So no, you can't collect the username and password without asking the user.  Which means making a login form and having them fill it in.

If you haven't already read it, the book Weblogic: The Definitive Guide is helpful on this topic:
http://flylib.com/books.php?ln=en&n=2&p=107&c=26&p1=1&c1=1&c2=187&view=1


0
 

Author Closing Comment

by:kalyandm
ID: 33830747
it partly answered my query
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
EJB MDB example 4 92
servlet cookie finding by name 1 95
I get error: useBean: Duplicate bean name: {0} 1 174
login form jsp example 2 68
Determining the an SCCM package name from the Package ID
The goal of this blog is: - To define the incident management process - To go over the key elements of an incident management system - To look into incident alert management tools that integrate with ConnectWise.
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question