Topic
3 replies Latest Post - ‏2013-07-08T17:23:56Z by bpaskin
Samuel Chan
Samuel Chan
6 Posts
ACCEPTED ANSWER

Pinned topic Authenticating a user in a JSP

‏2013-07-05T01:48:26Z |

I have an external resource that I'd like to keep restricted if the correct credentials are not available (among other checks). So I've got a basic HTTPClient going and I've tried to access a RESTful service and obviously it's given me the 'not authorised' code.

The basic idea is that I'd like to be able to identify the currently logged in user and check if they are authorised to access that data based on a SQL query I'll run with the user ID.

I'm not sure if I'm asking the wrong question and/or if this is the wrong way to go about it.

Thanks in advance,
Sam.

  • bpaskin
    bpaskin
    3831 Posts
    ACCEPTED ANSWER

    Re: Authenticating a user in a JSP

    ‏2013-07-06T21:35:20Z  in response to Samuel Chan

    Hi,

    How has the user originally logged on to the system and are you trying to access JAX-RS or a JSP?

    Regards,

    Brian

    • Samuel Chan
      Samuel Chan
      6 Posts
      ACCEPTED ANSWER

      Re: Authenticating a user in a JSP

      ‏2013-07-07T23:59:49Z  in response to bpaskin

      Sorry. To clarify, the user is logged into the Portal/BPM system. I'm hoping I can access some form of user ID that is the same as in the BPM system so I can identify the user via an external resource.

      The JSP pages will be running on the same domain as the BPM system (WSEA). I initially asked about using REST (using the service for current user) because I understand how to access it via AJAX, which is rather trivial.

      Once I have the user data, I'll then run code depending on their access level.

      • bpaskin
        bpaskin
        3831 Posts
        ACCEPTED ANSWER

        Re: Authenticating a user in a JSP

        ‏2013-07-08T17:23:56Z  in response to Samuel Chan

        Hi,

        In a JSP you can use the HttepServletRequest information to get some information about the user, but it is not security.  If you to use security, then you would need to use security constraints to limit page access. 

        Regards,

        Brian