Topic
4 replies Latest Post - ‏2010-12-08T14:13:07Z by awpl
awpl
awpl
7 Posts
ACCEPTED ANSWER

Pinned topic How to pass/send the logged user name and details to my custom widget?

‏2010-11-17T15:45:23Z |
Hi,

I'm very new to this ECM Widgets. I'm currently building a custom widget using 4.5.1,

here i've a requirement to send the current business space logon user id to keep some auditing information.

so, How to pass / send the currently logged business space user/group to my widget or as a query string?

or How to get the currently logged business space user details?

Much Appreciated!

Thanks in Advance.

Prakash
Updated on 2010-12-08T14:13:07Z at 2010-12-08T14:13:07Z by awpl
  • drdamour
    drdamour
    23 Posts
    ACCEPTED ANSWER

    Re: How to pass/send the logged user name and details to my custom widget?

    ‏2010-11-18T16:52:54Z  in response to awpl
    you will want to read through the widget programming guides @ http://www-10.lotus.com/ldd/mashupswiki.nsf/dx/widget-programming-guide

    in the specification you'll see that the iContext object has a method called getUserProfile that returns a managed item set. An item within their will have what you're looking for.

    But given that you are doing "auditing", i imagine you are going to make a call to your server to persist the audit record, remember that since you will be authenticated to WAS your audit persistence API could retrieve the user's principal as well. In fact this would be better practice, as it would eliminate the potential for spoofing.

    IE: if your audit API is like /Audit/Write?USERID=drdamour&event=comment anyone could just change the USERID query string parameter to any value, and your audit trail would become corrupt. if instead you get the user id within the actual /Audit/Write servlet, the userid can no longer be spoofed.


    I am Just a new Boy,
    A Stranger in this Town,
    Where are All the Good Times,
    Who's Gonna Show this Stranger Around?
    • awpl
      awpl
      7 Posts
      ACCEPTED ANSWER

      Re: How to pass/send the logged user name and details to my custom widget?

      ‏2010-11-19T09:06:27Z  in response to drdamour
      Yup Got it for widget!

      Thank you so much drdamour.

      i guess the following question is too much to ask. however, just curious to know!
      without having or creating any custom widgets! is there any simple way to retrieve the authenticated user details? something like from the SESSION SCOPE VARIABLE of BusinessSpace?

      Actually i'm thinking to create a simple jsp / servlet and call it in using default WebPage widget. (here, inside the jsp i can store the user id in a hidden input field).

      if it's possible, we can integrate more legacy and non-legacy systems inside BusinessSpace.

      Thanks again.

      Cheers!
      Prakash
      • drdamour
        drdamour
        23 Posts
        ACCEPTED ANSWER

        Re: How to pass/send the logged user name and details to my custom widget?

        ‏2010-11-19T14:22:33Z  in response to awpl
        AFAIK, the only code that can access the session scope of business space is code that runs within the businessspace (or more accurately since businessspace 7: lotus mashups) application context: eg anything that's gonna be sent to a url like /mum/*. SO you'd have to put your servlet inside of business space's, and configure it in business' space's web.config i think. Maybe different web modules in an ear can share session scope...i'm not sure. But as i said in my previous post, businessspace/lotus mashups does a container login, so you have full access to the security tokens supplied by the LTPA keys with any application that runs on that WAS node. You should be able to get the user id from that. You could use the JAAS api to retrieve it, or since you're in a P8 environment you could just get it from the CE or PE/VW APIs as well.

        What session variables would you need to get to? They aren't documented, and modifying them is likely unsupported.

        I am Just a new Boy,
        A Stranger in this Town,
        Where are All the Good Times,
        Who's Gonna Show this Stranger Around?
        • awpl
          awpl
          7 Posts
          ACCEPTED ANSWER

          Re: How to pass/send the logged user name and details to my custom widget?

          ‏2010-12-08T14:13:07Z  in response to drdamour
          Thank you so much for reply.

          Created a custom widget.

          var searchFor = dojo.byId(this.domID + "searchFor").value;

          var userid = this.iContext.getUserProfile().getItemValue('userid')

          alert("Returning userid = "+userid);

          var url = "https://hqdemo1:9443/ClientServicesWeb/search.jsp?searchFor="searchFor"&useird="+userid;

          this.iContext.iEvents.fireEvent("SearchFor", "any", url);

          currently this is the way it works.

          btw, found the same kind of discussion in the following url.

          http://www.ibm.com/developerworks/forums/thread.jspa?messageID=14177173

          also can found the custom userid iwidget in the following url.

          http://translate.google.co.za/translate?hl=en&sl=ja&u=http://www.ibm.com/developerworks/wikis/display/mashupwikij/UseridWidget&ei=iY7_TLvQCMiAOt26hMEM&sa=X&oi=translate&ct=result&resnum=1&ved=0CB4Q7gEwAA&prev=/search%3Fq%3Dhttp://www.ibm.com/developerworks/wikis/display/mashupwikij/UseridWidget%26hl%3Den%26client%3Dfirefox-a%26hs%3Dvwf%26rls%3Dorg.mozilla:en-US:official%26prmd%3Div



          Thanks Again.
          Prakash