aspose file tools*
The moose likes Servlets and the fly likes request. get User Principal(). getName() do not retreive user name Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "request. get User Principal(). getName() do not retreive user name" Watch "request. get User Principal(). getName() do not retreive user name" New topic
Author

request. get User Principal(). getName() do not retreive user name

carina caoor
Ranch Hand

Joined: Jun 23, 2007
Posts: 300

Hi in my application i want to secure my jsp pages, i dont want the pages to be viewed directly by copying the url in short i want to make them password protected unless a user sign in user cannot see the further pages, in order to achieve this i added security-constraint in my web.xml

web.xml


and my tomcat-users.xml



now when i log in the appliction with username admin i am unable to see the page http://loclhost:8080/BankBoard/secure/welcomepage.

also in my UserValidation Servlet when i try to print the username
System.out.print(request.getUserPrincipal().getName()) it does not display the username rather its a blank space also the if(request.isUserInRole("admin")) does not results true.

any suggestions please..

[ Edited to fix code tags - Paul Sturrock ]
[ October 07, 2008: Message edited by: Paul Sturrock ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42611
    
  65
What does "i am unable to see the page" mean? What response does the server return?

What does "request.getRemoteUser()" return?


Ping & DNS - my free Android networking tools app
carina caoor
Ranch Hand

Joined: Jun 23, 2007
Posts: 300

when i enter the URL http://loclhost:8080/BankBoard/secure/welcomepage it says
"Internet Explorer cannot display the webpage

Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address. "

and it shows a blank line when i print System.out.println("the user name"+request.getUserPrincipal().getName()) it is not even showing the phrase "the username"

also the if loop is not validating to be true
if(request.isUserInRole("admin"))
System.out.println("admin");

it is not printing "admin" instead a blank line is shown..

request.getRemoteUser() prints null
[ October 07, 2008: Message edited by: ruquia tabassum ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42611
    
  65
Does the application work if you remove all the security stuff from web.xml?

I noticed that the <security-role> tag looks incomplete, or was that just a copy/paste mistake?
carina caoor
Ranch Hand

Joined: Jun 23, 2007
Posts: 300

yeah it work fine if i remove all the security stuff
its a copy paste mistake

web.xml
[code]

<security-constraint>
<web-resource-collection>
<web-resource-name>admin</web-resource-name>
<url-pattern>/secure/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

</security-constraint>

<security-role>
<role-name>admin</role-name>
</security-role>
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42611
    
  65
You also have a login-config tag in the web.xml, correct? And HTTPS in general is working fine?
carina caoor
Ranch Hand

Joined: Jun 23, 2007
Posts: 300

no i did not add a <login-config> element , the way its getting authenticated is once the user enters username and password and clicks LogOn button UserValidation Servlet authenticate the user credentials refering to the entries in the database.
The application is not working with HTTPS..with http://localhost:8080/BankBoard it shows login page
with https://localhost:8080/BankBoard it says
"Internet Explorer cannot display the webpage

Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address. "
[ October 07, 2008: Message edited by: ruquia tabassum ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42611
    
  65
Without a login-config element the other authentication tags won't take effect.

But it sounds anyway like you need to get HTTPS working first. See http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html for how to do that.
carina caoor
Ranch Hand

Joined: Jun 23, 2007
Posts: 300

My Https is working now ..
on accessing the page https://localhost:8443/BankBoard/secure/welcomepage
it says

"HTTP Status 403 - Access to the requested resource has been denied

type Status report

message Access to the requested resource has been denied

description Access to the specified resource (Access to the requested resource has been denied) has been forbidden."

where as https://localhost:8443/BankBoard displays the login page


[ October 07, 2008: Message edited by: ruquia tabassum ]
[ October 07, 2008: Message edited by: ruquia tabassum ]
carina caoor
Ranch Hand

Joined: Jun 23, 2007
Posts: 300

a bit confused wether the user credentials entered are to be checked refering database or leave it on form based authentication which cheks it referring the tomcat-users.xml file?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42611
    
  65
Originally posted by ruquia tabassum:
a bit confused wether the user credentials entered are to be checked refering database or leave it on form based authentication which cheks it referring the tomcat-users.xml file?


That depends on how you have configured it in the server.xml file. Somewhere in it is a <Realm> element that specifies which realm implementation is used.
carina caoor
Ranch Hand

Joined: Jun 23, 2007
Posts: 300

server.xml file contains the database realm
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>

actually i want my login page to give an alert message when there is a wrong username and password for that on clicking logon it makes ajax calls and the responsible servlet checks the credentials referring database, based on the servlet response i am directing the control either to welcome page or raising a popup.As welcome page is secure so i dont want the direct access to that page and i employed form based authentication... now whenever i try to acces the welcome page it gives me the unformatted login page with username and password fields scattered here and there.
please give me a clear picture of form based authentications...
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42611
    
  65
You can make the login page anything you want (in terms of the HTML), but if you want to use AJAX calls for checking credentials, then that's not supported by the standard security built into the container.

You can use a database instead of the XML file by switching to some other realm, maybe JDBCRealm or DataSourceRealm. The Tomcat documentation explains how to set those up.
carina caoor
Ranch Hand

Joined: Jun 23, 2007
Posts: 300

i modified my server.xml file as
server.xml
[code]

<Realm className="org.apache.catalina.realm.JDBCRealm"
debug="99" driverName="net.sourceforge.jtds.jdbc.Driver"
connectionURL="jdbc:jtds:sqlserver://DCSRV02:1433/REGISTRATION_TEMP_LTR_PRINT;username=sa;password=water"
connectionName="sa" connectionPassword="water"
userTable="login1" userNameCol="loginname" userCredCol="password"
userRoleTable="loginuser" roleNameCol="role"
/>


and my Login.jsp which has flash contents,input fields..
Login.jsp
[code]
<BODY bgcolor="#ffffff" onlod="GetUserMachineName();">
<FORM METHOD="POST" NAME="homeform" action="j_security_check">
<div ID=firstbar > </div>
<div ID=secondbar >
<label ID=welcomelabel >
Welcome To BankBoard </label>
</div>

<label ID=enterlabel >
Enter Your Login Information and click LogOn </label>
<label ID=system >System</label>
<input ID=inputsystem type="text" name="system"><BR>

<label ID=uname >User Name</label>
<input ID=inputuname type="text" name="j_username"><BR>
<label ID=password >Password</label>
<input ID=inputpassword type="password" name="j_password">
<input type="submit" value="LogOn" ID=logon onclck="homeFieldValidation();" >

</FORM>


Now on accessing https://localhost:8443/BankBoard/ it has an achor tag that take to Login.jsp, on entering the credentials and clicking button LogOn it again shows the login page which is unformatted without flash contents input fields scattered with the link https://localhost:8443/BankBoard/secure/welcomepage in address bar.
[ October 08, 2008: Message edited by: ruquia tabassum ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: request. get User Principal(). getName() do not retreive user name