on 07-16-2008 9:56 AM
Hello,
I have got a J2EE application that is deployed on the J2EE engine and expects to find the current logged in user ID either in the HEADER or COOKIE.
At the moment we use BasicPasswordLoginModule to authenticate the user. How can I add these credentials to a HEADER or a COOKIE after login?
Hi,
you can have a look at this documentation:
http://help.sap.com/saphelp_nw70/helpdata/EN/23/820e3f5b656927e10000000a114084/frameset.htm
It describes how to get and set Headers or Cookies from within Login Modules.
You could write your own login module that extends one of the existing login modules (e.g. BasicPasswordLoginModule), keeps the functionality and just adds a cookie to the response. The problem is that the cookie is in the response and you will now have to call your application that expects the username in the cookie from your browser.
I don't know if this is what you want.
Maybe it's even too much overhead to write or extend a login module for just setting a cookie, so it might be easier if you just write an application in your portal that uses the Basic LoginModule to authenticate the user. In your application you fetch the username using UME API and set a cookie containing the username. Additionally you can send a redirect to your destination application that actually expects the cookie to be sent by the client.
BUT: Maybe it is even easier if you just adjust your existing app deployed on the J2EE and fetch the logged on user using UME API???
The Header Approach is much more complicated since you need an instance that actually adds the Header. Your Browser cannot do that so you will need something like a Proxy or Java App that serves as a Proxy in between.
If you need more assistance let me know
Hope this helps
Cheers
Hi Marcel,
Thank you for your response.
This J2EE app is an out of the box one that is configurable through its web.xml, I can't (well, I can but prefer not to) change its code.
What if I'll just add the CreateTicketLogin module below the BasicPasswordLoginModule? Will that not create a session cookie named MYSAPSSO2 as explained here (http://help.sap.com/saphelp_nw04s/helpdata/en/aa/bf503e1dac5b46e10000000a114084/frameset.htm)?
Roy
Hi,
yes it will if the BasicPasswordLoginModule succeeds.
But what you will have then is a Cookie (MYSAPSSO2 as you said) that contains a huge BASE64 String.
You can decode it and one kind of information you'll find is the username.
What I understood is that your APP needs a Cookie that contains just the username.
E.g.
MYCOOKIE: username
Correct?
So you can parse the Cookie and fetch the username using some libs provided by SAP but as you said you do not want to modify the code of your app right?
Maybe there is some other approach you want to follow
Let me know
Cheers
Hi,
Here is a method I implemented to verify whether a user belongs to a specific group.
It also detects the current user.
You can use this to fetch the current user using UME API:
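import com.sap.security.api.IGroup;
import com.sap.security.api.IGroupFactory;
import com.sap.security.api.IUser;
import com.sap.security.api.IUserFactory;
import com.sap.security.api.UMException;
import com.sap.security.api.UMFactory;
import com.sapportals.portal.prt.component.IPortalComponentRequest;

// Bean and getBean(request) are the poster's own helpers; the bean supplies the
// unique name of the group whose members are allowed to edit.
private final boolean hasEditPermission(IPortalComponentRequest request) {
    boolean permitted = false;
    Bean bean = getBean(request);
    try {
        IGroupFactory igf = UMFactory.getGroupFactory();
        IUserFactory ufac = UMFactory.getUserFactory();
        // Look up the editors group by its unique name.
        IGroup EDITORS = igf.getGroupByUniqueName(bean.getGalleryRequiredGroupToEdit());
        // The user the engine authenticated for the current request.
        IUser loggedonUser = UMFactory.getAuthenticator().getLoggedInUser();
        if (loggedonUser != null) {
            String editorsgroupun = EDITORS.getUniqueID();
            // true = also count membership through nested groups.
            permitted = loggedonUser.isMemberOfGroup(editorsgroupun, true);
        }
    } catch (UMException UMEx) {
        UMEx.printStackTrace();
    }
    return permitted;
}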
Hope this Helps
Cheers
Hi,
yes I am. I can post some code tomorrow. But it's quite strange to decode the Cookie within J2EE. The approach of decoding or parsing the MYSAPSSO2 Cookie is mostly performed in 3rd party systems in order to provide SSO functionality (from Portal to 3rd party).
Nevermind.
There are 3 approaches to do this
1st: The Cookie is Base 64 Encoded so you can just decode it and the readable part of the decoded information also contains the username (I'll paste a sample tomorrow)
2nd: You use the SSOEXT Ticket Verification Library provided by SAP
Go to Service Marketplace / Software Distribution Center / Search For All Categories (https://websmp207.sap-ag.de/swdc) and search for SSOEXT. The Download Package (SAP ARCHIVE .SAR) exists for several OS, and the Archive also contains code samples for various languages such as Java and .NET, and a PDF with samples and useful information. This approach uses native libraries though that are linked with the OS (under Windows .dll files, under Unix Shared Object Files) so you have to load these libraries before you can use the JAVA classes
3rd: You have a look at the following site and use the pure Java approach that works without any native libraries:
http://www.trick77.com/2008/02/07/validating-sap-logon-tickets-with-java/
http://www.zope.org/Members/Dirk.Datzert/MySapSsoSupport/
I worked with all 3 approaches so if you need further assistance just let me know
Cheers and good night
Thanks again Marcel, you're a real helper!
OK, you've convinced me not to decrypt the username from the MYSAPSSO2 cookie.
What I'll do is get the username in a proxy servlet which will set the current logged in username in Request.setAttribute and then will forward to the other app (it supports REQUEST as well). Any code sample of how to get the current logged in user in a standard J2EE (non-web dynpro) application deployed on SAP app server?
Rgds,
Roy
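The proxy idea discussed above, as an added example (not code from the thread or from SAP): a standard servlet filter, registered in the target app's web.xml, that takes the user ID from the container's authentication and overrides any client-sent value, since a browser can send any header or cookie it likes. The header and attribute names are hypothetical, and it assumes the web app's login configuration makes getRemoteUser() return the authenticated user.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import javax.servlet.*;
import javax.servlet.http.*;

public class AuthenticatedUserFilter implements Filter {
    // Hypothetical names: match them to what the packaged app's web.xml is set to read.
    static final String USER_HEADER = "X-Logged-In-User";
    static final String USER_ATTRIBUTE = "loggedInUser";

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // Identity comes only from the container's login, never from request data.
        final String user = request.getRemoteUser();
        if (user == null) {
            // No authenticated user: refuse instead of passing an empty identity on.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        request.setAttribute(USER_ATTRIBUTE, user);
        // Wrap the request so a client-sent copy of the header is replaced, not merged.
        chain.doFilter(new HttpServletRequestWrapper(request) {
            public String getHeader(String name) {
                return USER_HEADER.equalsIgnoreCase(name) ? user : super.getHeader(name);
            }
            public Enumeration getHeaders(String name) {
                return USER_HEADER.equalsIgnoreCase(name)
                        ? Collections.enumeration(Collections.singletonList(user))
                        : super.getHeaders(name);
            }
            public Enumeration getHeaderNames() {
                List names = new ArrayList();
                names.add(USER_HEADER);
                for (Enumeration e = super.getHeaderNames(); e != null && e.hasMoreElements();) {
                    String n = (String) e.nextElement();
                    if (!USER_HEADER.equalsIgnoreCase(n)) names.add(n);
                }
                return Collections.enumeration(names);
            }
        }, res);
    }
}
```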
Hi again,
OK, I've created a servlet and added this code to its doGet method:
    IUser loggedonUser = UMFactory.getAuthenticator().getLoggedInUser();
    PrintWriter out = response.getWriter();
    out.print(loggedonUser.getUniqueName());
I've then created a URL iView and called this web app from it but when I run it from the portal I don't get the current logged in user but Guest.
Any ideas...?
Roy