File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes Obtaining client user id in Tomcat via Http Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Obtaining client user id in Tomcat via Http" Watch "Obtaining client user id in Tomcat via Http" New topic

Obtaining client user id in Tomcat via Http

Aj Chawla

Joined: Jul 13, 2007
Posts: 4

I need to implement SSO for a java based (JSP, struts) web application.
Iam using Tomcat as web server deployed on Windows 2003 server.

I plan to the above in follwing steps -
1. Obtain logged user information via http request.
2. Check with ADS if the user exists in the priviliged user group.
3. If I get Yes in above step then create a session and show the home page.
4. if I get No in step 2, then I show a login page and validate user through db.

Now, Iam able to perform steps 2 and beyond but only problem left is step 1. I dont know how to get the client side logged user information via Http Request.

Would appreciate suggestions on this. Also would be happy to discuss if there is any other approach on achieving SSO.

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
HttpServletRequest has the isUserInRole, getRemoteUser and getUserPrincipal methods, which tell you about the remote user if you're using web app security.

I don't see anything in your approach that does SSO, though - it looks like a login process to just a single web app.
Aryan Khan
Ranch Hand

Joined: Sep 12, 2004
Posts: 290

If you are using tomcat, it provides a SSO valve Valve.

I agree. Here's the link:
subject: Obtaining client user id in Tomcat via Http
It's not a secret anymore!