Topic
  • 3 replies
  • Latest Post - ‏2013-07-08T17:23:56Z by bpaskin
Samuel Chan
Samuel Chan
6 Posts

Pinned topic Authenticating a user in a JSP

‏2013-07-05T01:48:26Z |

I have an external resource that I'd like to keep restricted if the correct credentials are not available (among other checks). So I've got a basic HTTPClient going and I've tried to access a RESTful service and obviously it's given me the 'not authorised' code.

The basic idea is that I'd like to be able to identify the currently logged in user and check if they are authorised to access that data based on a SQL query I'll run with the user ID.

I'm not sure if I'm asking the wrong question and/or if this is the wrong way to go about it.

Thanks in advance,
Sam.

  • bpaskin
    bpaskin
    5200 Posts

    Re: Authenticating a user in a JSP

    ‏2013-07-06T21:35:20Z  

    Hi,

    How has the user originally logged on to the system and are you trying to access JAX-RS or a JSP?

    Regards,

    Brian

  • Samuel Chan
    Samuel Chan
    6 Posts

    Re: Authenticating a user in a JSP

    ‏2013-07-07T23:59:49Z  
    • bpaskin
    • ‏2013-07-06T21:35:20Z

    Hi,

    How has the user originally logged on to the system and are you trying to access JAX-RS or a JSP?

    Regards,

    Brian

    Sorry. To clarify, the user is logged into the Portal/BPM system. I'm hoping I can access some form of user ID that is the same as in the BPM system so I can identify the user via an external resource.

    The JSP pages will be running on the same domain as the BPM system (WSEA). I initially asked about using REST (using the service for current user) because I understand how to access it via AJAX, which is rather trivial.

    Once I have the user data, I'll then run code depending on their access level.

  • bpaskin
    bpaskin
    5200 Posts

    Re: Authenticating a user in a JSP

    ‏2013-07-08T17:23:56Z  

    Sorry. To clarify, the user is logged into the Portal/BPM system. I'm hoping I can access some form of user ID that is the same as in the BPM system so I can identify the user via an external resource.

    The JSP pages will be running on the same domain as the BPM system (WSEA). I initially asked about using REST (using the service for current user) because I understand how to access it via AJAX, which is rather trivial.

    Once I have the user data, I'll then run code depending on their access level.

    Hi,

    In a JSP you can use the HttepServletRequest information to get some information about the user, but it is not security.  If you to use security, then you would need to use security constraints to limit page access. 

    Regards,

    Brian