RE: Username and Password
Hi All, Thanks for your responses. They were very helpful. Joanne
RE: Username and Password
Would you please take me off your email list. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Christian, Joanne Sent: Wednesday, February 06, 2002 9:30 AM To: Orion-Interest Subject: Username and Password HI All, I'm new to J2EE and Orion. I have set up form-based authorization using DataSourceUserManager. Super! From my initial jsp and/or servlet (not the login page), I would like to access the username of the person who just logged in. How can I do this? I have tried to get attributes from the ServletContext an the session. I have also tried various other things I'd rather not mention . . . So: How can I access the values of j_username and j_password once the user has been logged in? Also, where and what is j_security_check? Thanks, Joanne
RE: Username and Password
Most of this material is not specific to Orion but defined in the J2EE specs. Part of the process is that j_username, etc are effectively 'special values' recognized by the app server when doing authentication, so you really won't ever have access to these values. But since it is defined in the spec there are very simple and standardized ways of getting some information. request.getRemoteUser() will tell you the username of the current login, and request.isUserInRole(somegroup) will tell you if the user is in a particullar role. I don't belive there is any standard way to find their password though (and you probably wouldn't want there to be if you were security minded). -Original Message- From: Christian, Joanne [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 06, 2002 9:30 AM To: Orion-Interest Subject: Username and Password HI All, I'm new to J2EE and Orion. I have set up form-based authorization using DataSourceUserManager. Super! From my initial jsp and/or servlet (not the login page), I would like to access the username of the person who just logged in. How can I do this? I have tried to get attributes from the ServletContext an the session. I have also tried various other things I'd rather not mention . . . So: How can I access the values of j_username and j_password once the user has been logged in? Also, where and what is j_security_check? Thanks, Joanne
RE: Username and Password
HttpServletRequest.getUserPrincipal().getName() should do the trick. Jeff Schnitzer [EMAIL PROTECTED] -Original Message- From: Christian, Joanne [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 06, 2002 9:30 AM To: Orion-Interest Subject: Username and Password HI All, I'm new to J2EE and Orion. I have set up form-based authorization using DataSourceUserManager. Super! From my initial jsp and/or servlet (not the login page), I would like to access the username of the person who just logged in. How can I do this? I have tried to get attributes from the ServletContext an the session. I have also tried various other things I'd rather not mention . . . So: How can I access the values of j_username and j_password once the user has been logged in? Also, where and what is j_security_check? Thanks, Joanne
RE: Username and Password
You can get the user name for the request like this: request.getRemoteUser() I think, by design, you are not able to get the password from the container. You can however, use the request.isUserInRole() method to see what role they are in. Otherwise, you'll need to access your DB for the password. Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Christian, Joanne Sent: Wednesday, February 06, 2002 12:30 PM To: Orion-Interest Subject: Username and Password HI All, I'm new to J2EE and Orion. I have set up form-based authorization using DataSourceUserManager. Super! From my initial jsp and/or servlet (not the login page), I would like to access the username of the person who just logged in. How can I do this? I have tried to get attributes from the ServletContext an the session. I have also tried various other things I'd rather not mention . . . So: How can I access the values of j_username and j_password once the user has been logged in? Also, where and what is j_security_check? Thanks, Joanne
RE: Username and Password
Dear Joanne, String username = request.getRemoteUser(); That does the trick for me. As far as the password, this is what I do. Protect a servlet or jsp(lets say /login) where you want to get the vital information from within your web.xml. Since you have already used form-based authorization...you know how to do this. Lets say the servlet is /login, from within the post (because all processing of form-based stuff is post) processing, you can do this: String username = request.getRemoteUser(); String password = request.getParameter(j_password); And then you can do stuff with this (for example, encrypt the password and username, and create some authorization cookies). After you do stuff, you can forward to other protected resources. This is all assuming you already have a user. If you want to programatically create a user, you use the roleManager interface to do this (by using roleManager, you can change your usermanager later without having to change any code). RoleManager manager = (RoleManager)new InitialContext().lookup(java:comp/RoleManager); Principal principal = manager.createPrincipal(username,password,) you can also add principals to various roles with manager.addToRole(principal,role); or remove from role manager.removeFromRole(principal,role); You can even programatically log somebody in... manager.login(username,password); or even remove the user manager.remove(principal); Its really quite flexible. A little like JAAS, but easier to use. Regards, the elephantwalker www.elephantwalker.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Christian, Joanne Sent: Wednesday, February 06, 2002 9:30 AM To: Orion-Interest Subject: Username and Password HI All, I'm new to J2EE and Orion. I have set up form-based authorization using DataSourceUserManager. Super! From my initial jsp and/or servlet (not the login page), I would like to access the username of the person who just logged in. How can I do this? I have tried to get attributes from the ServletContext an the session. I have also tried various other things I'd rather not mention . . . So: How can I access the values of j_username and j_password once the user has been logged in? Also, where and what is j_security_check? Thanks, Joanne
