6 Replies Latest reply on Nov 28, 2006 9:46 AM by bdaw

    Determine portal logged-in user from external servlet

    jonaschapuis

      Hi,

      I am trying to setup an architecture where portlets communicate with servlets that are independent from the portal, using AJAX. In this context, I need to ensure that the logged-in user is the one sending the request (encode the username in the AJAX request), and upon reception of the request in the servlet, ensure that this user is currently logged-in to the portal.

      So my two questions are:
      - How do I access the currently logged-in users from the servlet ?
      - How do I encode the username in the AJAX request ?

      Thanks for your advice,

      Jonas

        • 1. Re: Determine portal logged-in user from external servlet
          bdaw

          The user identity in portal won't be propagated to the servlet. The easiest workaround for that is to leverage PortletSession.APPLICATION_SCOPE using which you can share objects with servlet HttpSession. Usually for use cases like file download you store a token in a portlet session, pass token id as url parameter and check if it's valid in servlet. I can't help you with AJAX as I'm not very knowledgeable in it.

          • 2. Re: Determine portal logged-in user from external servlet
            soshah

            If the portlets and servlets are part of the same web application context,

            dont you think request.getUserPrincipal() inside the servlet should result in the Principal of the user logged in to the Portal. null if anonymous.


            Then the userid can be encoded as a url parameter on AJAX requests, or AJAX processor on the server side can extract user id via request.getUserPrincipal call.


            • 3. Re: Determine portal logged-in user from external servlet
              bdaw

               

              If the portlets and servlets are part of the same web application context,


              There is a portal web application (the one in which you authenticate) and a separate web application containing portlets and servlets. So portal just switches the context to access portlet and invoke render/action. Or maybe I'm missing something :)

              • 4. Re: Determine portal logged-in user from external servlet
                theute

                Correct. The web application will return null on getUserPrincipal()

                • 5. Re: Determine portal logged-in user from external servlet
                  soshah

                  Ahhhh ok

                  so here is my confusion and need clarification:

                  portal is a separate web application, and the web application with the portlets and servlets is a separate standalone web application.

                  so when request.getUserPrincipal is called on just the standalone web app (not via portal), it will return null even if inside portal web application you get request.getUserPrincipal == logged in user


                  Then, inside the portlet if you place the Principal into HttpSession.APPLICATION_SCOPE, will this object be propagated into the HttpSession of the standalone web application (one with the portlets and servlets)? Does Portal have access to the HttpSession object of the standalone web application?

                  Thanks in advance
                  Sohil

                  • 6. Re: Determine portal logged-in user from external servlet
                    bdaw

                    Yes. If you have a portlet and a servlet inside same war file you can store object in PortletSession using APPLICATION_SCOPE and it'll be visible in servlet HttpSession. PortletSession is mostly a wrapper around HttpSession and PORTLET_SCOPE use namespacing mechanism to hide attributes from other portlets in the application