Topic
  • 4 replies
  • Latest Post - ‏2010-12-08T14:13:07Z by awpl
awpl
awpl
7 Posts

Pinned topic How to pass/send the logged user name and details to my custom widget?

‏2010-11-17T15:45:23Z |
Hi,

I'm very new to this ECM Widgets. I'm currently building a custom widget using 4.5.1,

here i've a requirement to send the current business space logon user id to keep some auditing information.

so, How to pass / send the currently logged business space user/group to my widget or as a query string?

or How to get the currently logged business space user details?

Much Appreciated!

Thanks in Advance.

Prakash
Updated on 2010-12-08T14:13:07Z at 2010-12-08T14:13:07Z by awpl
  • drdamour
    drdamour
    23 Posts

    Re: How to pass/send the logged user name and details to my custom widget?

    ‏2010-11-18T16:52:54Z  
    you will want to read through the widget programming guides @ http://www-10.lotus.com/ldd/mashupswiki.nsf/dx/widget-programming-guide

    in the specification you'll see that the iContext object has a method called getUserProfile that returns a managed item set. An item within their will have what you're looking for.

    But given that you are doing "auditing", i imagine you are going to make a call to your server to persist the audit record, remember that since you will be authenticated to WAS your audit persistence API could retrieve the user's principal as well. In fact this would be better practice, as it would eliminate the potential for spoofing.

    IE: if your audit API is like /Audit/Write?USERID=drdamour&event=comment anyone could just change the USERID query string parameter to any value, and your audit trail would become corrupt. if instead you get the user id within the actual /Audit/Write servlet, the userid can no longer be spoofed.


    I am Just a new Boy,
    A Stranger in this Town,
    Where are All the Good Times,
    Who's Gonna Show this Stranger Around?
  • awpl
    awpl
    7 Posts

    Re: How to pass/send the logged user name and details to my custom widget?

    ‏2010-11-19T09:06:27Z  
    • drdamour
    • ‏2010-11-18T16:52:54Z
    you will want to read through the widget programming guides @ http://www-10.lotus.com/ldd/mashupswiki.nsf/dx/widget-programming-guide

    in the specification you'll see that the iContext object has a method called getUserProfile that returns a managed item set. An item within their will have what you're looking for.

    But given that you are doing "auditing", i imagine you are going to make a call to your server to persist the audit record, remember that since you will be authenticated to WAS your audit persistence API could retrieve the user's principal as well. In fact this would be better practice, as it would eliminate the potential for spoofing.

    IE: if your audit API is like /Audit/Write?USERID=drdamour&event=comment anyone could just change the USERID query string parameter to any value, and your audit trail would become corrupt. if instead you get the user id within the actual /Audit/Write servlet, the userid can no longer be spoofed.


    I am Just a new Boy,
    A Stranger in this Town,
    Where are All the Good Times,
    Who's Gonna Show this Stranger Around?
    Yup Got it for widget!

    Thank you so much drdamour.

    i guess the following question is too much to ask. however, just curious to know!
    without having or creating any custom widgets! is there any simple way to retrieve the authenticated user details? something like from the SESSION SCOPE VARIABLE of BusinessSpace?

    Actually i'm thinking to create a simple jsp / servlet and call it in using default WebPage widget. (here, inside the jsp i can store the user id in a hidden input field).

    if it's possible, we can integrate more legacy and non-legacy systems inside BusinessSpace.

    Thanks again.

    Cheers!
    Prakash
  • drdamour
    drdamour
    23 Posts

    Re: How to pass/send the logged user name and details to my custom widget?

    ‏2010-11-19T14:22:33Z  
    • awpl
    • ‏2010-11-19T09:06:27Z
    Yup Got it for widget!

    Thank you so much drdamour.

    i guess the following question is too much to ask. however, just curious to know!
    without having or creating any custom widgets! is there any simple way to retrieve the authenticated user details? something like from the SESSION SCOPE VARIABLE of BusinessSpace?

    Actually i'm thinking to create a simple jsp / servlet and call it in using default WebPage widget. (here, inside the jsp i can store the user id in a hidden input field).

    if it's possible, we can integrate more legacy and non-legacy systems inside BusinessSpace.

    Thanks again.

    Cheers!
    Prakash
    AFAIK, the only code that can access the session scope of business space is code that runs within the businessspace (or more accurately since businessspace 7: lotus mashups) application context: eg anything that's gonna be sent to a url like /mum/*. SO you'd have to put your servlet inside of business space's, and configure it in business' space's web.config i think. Maybe different web modules in an ear can share session scope...i'm not sure. But as i said in my previous post, businessspace/lotus mashups does a container login, so you have full access to the security tokens supplied by the LTPA keys with any application that runs on that WAS node. You should be able to get the user id from that. You could use the JAAS api to retrieve it, or since you're in a P8 environment you could just get it from the CE or PE/VW APIs as well.

    What session variables would you need to get to? They aren't documented, and modifying them is likely unsupported.

    I am Just a new Boy,
    A Stranger in this Town,
    Where are All the Good Times,
    Who's Gonna Show this Stranger Around?
  • awpl
    awpl
    7 Posts

    Re: How to pass/send the logged user name and details to my custom widget?

    ‏2010-12-08T14:13:07Z  
    • drdamour
    • ‏2010-11-19T14:22:33Z
    AFAIK, the only code that can access the session scope of business space is code that runs within the businessspace (or more accurately since businessspace 7: lotus mashups) application context: eg anything that's gonna be sent to a url like /mum/*. SO you'd have to put your servlet inside of business space's, and configure it in business' space's web.config i think. Maybe different web modules in an ear can share session scope...i'm not sure. But as i said in my previous post, businessspace/lotus mashups does a container login, so you have full access to the security tokens supplied by the LTPA keys with any application that runs on that WAS node. You should be able to get the user id from that. You could use the JAAS api to retrieve it, or since you're in a P8 environment you could just get it from the CE or PE/VW APIs as well.

    What session variables would you need to get to? They aren't documented, and modifying them is likely unsupported.

    I am Just a new Boy,
    A Stranger in this Town,
    Where are All the Good Times,
    Who's Gonna Show this Stranger Around?
    Thank you so much for reply.

    Created a custom widget.

    var searchFor = dojo.byId(this.domID + "searchFor").value;

    var userid = this.iContext.getUserProfile().getItemValue('userid')

    alert("Returning userid = "+userid);

    var url = "https://hqdemo1:9443/ClientServicesWeb/search.jsp?searchFor="searchFor"&useird="+userid;

    this.iContext.iEvents.fireEvent("SearchFor", "any", url);

    currently this is the way it works.

    btw, found the same kind of discussion in the following url.

    http://www.ibm.com/developerworks/forums/thread.jspa?messageID=14177173

    also can found the custom userid iwidget in the following url.

    http://translate.google.co.za/translate?hl=en&sl=ja&u=http://www.ibm.com/developerworks/wikis/display/mashupwikij/UseridWidget&ei=iY7_TLvQCMiAOt26hMEM&sa=X&oi=translate&ct=result&resnum=1&ved=0CB4Q7gEwAA&prev=/search%3Fq%3Dhttp://www.ibm.com/developerworks/wikis/display/mashupwikij/UseridWidget%26hl%3Den%26client%3Dfirefox-a%26hs%3Dvwf%26rls%3Dorg.mozilla:en-US:official%26prmd%3Div



    Thanks Again.
    Prakash