
How to add the logged in user to HEADER or COOKIE

Former Member
0 Kudos

Hello,

I have got a J2EE application deployed on the J2EE engine that expects to find the current logged in user ID either in the HEADER or COOKIE.

At the moment we use BasicPasswordLoginModule to authenticate the user. How can I add these credentials to a HEADER or a COOKIE after login?

Accepted Solutions (1)

former_member698570
Active Participant
0 Kudos

Hi,

you can have a look at this documentation:

http://help.sap.com/saphelp_nw70/helpdata/EN/23/820e3f5b656927e10000000a114084/frameset.htm

It describes how to get and set Headers or Cookies from within Login Modules.

You could write your own login module that extends one of the existing login modules (e.g. BasicPasswordLoginModule) and keeps the functionality and just adds a cookie to the response. The problem is that the cookie is in the response and you will now have to call your application that expects the username in the cookie from your browser.

I don't know if this is what you want.

Maybe it's even too much overhead to write or extend a login module for just setting a cookie so maybe it might be easier if you just write an application in your portal that uses the Basic LoginModule to authenticate the user. In your application you fetch the username using UME API and set a cookie containing the username. Additionally you can send a redirect to your destination application that actually expects the cookie to be sent by the client.

BUT: Maybe it is even easier if you just adjust your existing app deployed on the J2EE and fetch the logged on user using UME API???

The Header Approach is much more complicated since you need an instance that actually adds the Header. Your Browser cannot do that so you will need something like a Proxy or Java App that serves as a Proxy in between.

If you need more assistance let me know

Hope this helps

Cheers

Former Member
0 Kudos

Hi Marcel,

Thank you for your response.

This J2EE app is an out of the box one that is configurable through its web.xml, I can't (well, I can but prefer not to) change its code.

What if I just add the CreateTicketLogin module below the BasicPasswordLoginModule? Will that not create a session cookie named MYSAPSSO2 as explained here (http://help.sap.com/saphelp_nw04s/helpdata/en/aa/bf503e1dac5b46e10000000a114084/frameset.htm)?

Roy

former_member698570
Active Participant
0 Kudos

Hi,

yes it will if the BasicPasswordLoginModule succeeds.

But what you will have then is a Cookie (MYSAPSSO2 as you said) that contains a huge BASE64 String.

You can decode it and one kind of information you'll find is the username.

What I understood is that your APP needs a Cookie that contains just the username.

E.g.

MYCOOKIE: username

Correct?

So you can parse the Cookie and fetch the username using some libs provided by SAP but as you said you do not want to modify the code of your app right?

Maybe there is some other approach you want to follow

Let me know

Cheers

Former Member
0 Kudos

Hi Marcel,

Well, yes, let's assume I just need MYCOOKIE: username.

What I can do is building a proxy servlet that does that and then redirects to the application.

Any code samples of how to extract the username into a cookie, either from MYSAPSSO2 or maybe from the UME?

Rgds,

Roy

former_member698570
Active Participant
0 Kudos

Hi,

Here is a method I implemented to verify whether a user belongs to a specific group.

It also detects the current user.

You can use this to fetch the current user using UME API:

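import com.sap.security.api.IGroup;
import com.sap.security.api.IGroupFactory;
import com.sap.security.api.IUser;
import com.sap.security.api.UMException;
import com.sap.security.api.UMFactory;

// Returns true if the currently logged in user is a member of the editors group.
private final boolean hasEditPermission(IPortalComponentRequest request) {

    boolean permitted = false;
    Bean bean = getBean(request);

    try {
        // Look up the group whose members are allowed to edit.
        IGroupFactory igf = UMFactory.getGroupFactory();
        IGroup EDITORS = igf.getGroupByUniqueName(bean.getGalleryRequiredGroupToEdit());

        // Fetch the current user from UME.
        IUser loggedonUser = UMFactory.getAuthenticator().getLoggedInUser();

        if (loggedonUser != null) {
            String editorsgroupun = EDITORS.getUniqueID();
            // true = also check membership through nested groups.
            permitted = loggedonUser.isMemberOfGroup(editorsgroupun, true);
        }
    } catch (UMException UMEx) {
        // On any UME error the user is treated as not permitted.
        UMEx.printStackTrace();
    }
    return permitted;
}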

Hope this Helps

Cheers

Former Member
0 Kudos

Hi Marcel,

Thanks for the code, I'm familiar with UME API but I'll go with the MYSAPSSO2 cookie decryption.

What I need is a code sample of how to decrypt the username from MYSAPSSO2 cookie in case you are familiar with one...

Rgds,

Roy

Edited by: Roy Cohen on Jul 16, 2008 9:11 PM

former_member698570
Active Participant
0 Kudos

Hi,

Yes I am. I can post some code tomorrow. But it's quite strange to decode the Cookie within J2EE. The approach of decoding or parsing the MYSAPSSO2 Cookie is mostly performed in 3rd party systems in order to provide SSO functionality (from Portal to 3rd party).

Never mind.

There are 3 approaches to do this

1st: The Cookie is Base 64 Encoded so you can just decode it and the readable part of the decoded information also contains the username (I'll paste a sample tomorrow)

2nd: You use the SSOEXT Ticket Verification Library provided by SAP

Go to Service Marketplace / Software Distribution Center / Search For All Categories (https://websmp207.sap-ag.de/swdc) and search for SSOEXT. The Download Package (SAP ARCHIVE .SAR) exists for several OS and the archive also contains code samples for various languages such as Java and .NET, and it also contains a PDF with samples and useful information. This approach uses native libraries though that are linked with the OS (under Windows .dll files, under Unix Shared Object Files) so you have to load these libraries before you can use the JAVA classes.

3rd: You have a look at the following site and use the pure Java approach that works without any native libraries:

http://www.trick77.com/2008/02/07/validating-sap-logon-tickets-with-java/

http://www.zope.org/Members/Dirk.Datzert/MySapSsoSupport/

I worked with all 3 approaches so if you need further assistance just let me know

Cheers and good night

Former Member
0 Kudos

Thanks again Marcel, you're a real helper!

OK, you've convinced me not to decrypt the username from the MYSAPSSO2 cookie.

What I'll do is get the username in a proxy servlet which will set the current logged in username in Request.setAttribute and then will forward to the other app (it supports REQUEST as well). Any code sample of how to get the current logged in user in a standard J2EE (non-web dynpro) application deployed on SAP app server?

Rgds,

Roy

Former Member
0 Kudos

Hi again,

OK, I've created a servlet and added this code to its doGet method:


IUser loggedonUser = UMFactory.getAuthenticator().getLoggedInUser();
PrintWriter out  = response.getWriter();
out.print(loggedonUser.getUniqueName());

I've then created a URL iView and called this web app from it but when I run it from the portal I don't get the current logged in user but Guest.

Any ideas...?

Roy

Former Member
0 Kudos

I think I got it


IUser portalUser = UMFactory.getAuthenticator().getLoggedInUser(request,response);
PrintWriter out  = response.getWriter();
out.print(portalUser.getUniqueName());
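
An added example, not part of the original posts: a proxy servlet of the kind described earlier in the thread, which resolves the user with the two-argument getLoggedInUser call shown above, stores the name as a request attribute and forwards. The attribute is set on the server, so unlike a cookie or header it is not a value the browser supplies. The class name, attribute name, target path, the forward staying inside one web application and the anonymous user name "Guest" are assumptions.

```java
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.sap.security.api.IUser;
import com.sap.security.api.UMFactory;

public class LoggedInUserProxyServlet extends HttpServlet {

    // Assumptions for illustration (none of these names come from the thread's systems).
    private static final String USER_ATTRIBUTE = "loggedInUser"; // attribute the target reads
    private static final String TARGET_PATH = "/app/start";      // resource in this web app
    private static final String ANONYMOUS_USER = "Guest";        // name seen in the thread

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Pass request and response so UME resolves the user of this HTTP request;
        // the no-argument call returned Guest in the post above.
        IUser user = UMFactory.getAuthenticator().getLoggedInUser(request, response);

        // Never forward an unauthenticated or anonymous identity to the target.
        if (user == null || ANONYMOUS_USER.equalsIgnoreCase(user.getUniqueName())) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Set on the server side; this overwrites any attribute of the same name
        // and cannot be supplied by the client the way a cookie or header can.
        request.setAttribute(USER_ATTRIBUTE, user.getUniqueName());

        RequestDispatcher dispatcher = request.getRequestDispatcher(TARGET_PATH);
        if (dispatcher == null) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        dispatcher.forward(request, response);
    }

    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doGet(request, response);
    }
}
```

The target application should only be reachable through this servlet; if it can also be called directly, it will see no attribute and must reject the request.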

former_member698570
Active Participant
0 Kudos

If you need further assistance let me know

Cheers
