Two Laptop Bag*
The moose likes Security and the fly likes Obtaining client user id in Tomcat via Http Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Obtaining client user id in Tomcat via Http" Watch "Obtaining client user id in Tomcat via Http" New topic
Author

Obtaining client user id in Tomcat via Http

Aj Chawla
Greenhorn

Joined: Jul 13, 2007
Posts: 4
Hi,

I need to implement SSO for a java based (JSP, struts) web application.
Iam using Tomcat as web server deployed on Windows 2003 server.

I plan to the above in follwing steps -
1. Obtain logged user information via http request.
2. Check with ADS if the user exists in the priviliged user group.
3. If I get Yes in above step then create a session and show the home page.
4. if I get No in step 2, then I show a login page and validate user through db.

Now, Iam able to perform steps 2 and beyond but only problem left is step 1. I dont know how to get the client side logged user information via Http Request.

Would appreciate suggestions on this. Also would be happy to discuss if there is any other approach on achieving SSO.

Thanks
-Aj
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41083
    
  43
HttpServletRequest has the isUserInRole, getRemoteUser and getUserPrincipal methods, which tell you about the remote user if you're using web app security.

I don't see anything in your approach that does SSO, though - it looks like a login process to just a single web app.


Ping & DNS - my free Android networking tools app
Aryan Khan
Ranch Hand

Joined: Sep 12, 2004
Posts: 290

Hi,
If you are using tomcat, it provides a SSO valve Valve.


OCP/MCP/SCJP/SCWCD/IBM XML/SCMAD/SCEA-1
 
Consider Paul's rocket mass heater.
 
subject: Obtaining client user id in Tomcat via Http
 
Similar Threads
Implementing Single Sign On
pre or post filter j_security_check
Session state help
Extract SOAP object from HttpServletRequest
Propagating client identity