0

I'm trying to implement loggin filter as described in this question: How implement a login filter in JSF?

But can't get any attribute associated with currently logged user. I'm using Websphere 8.0 with build-in Apache MyFaces 2.0.3

My code is following:

    String path = req.getServletPath();
    HttpSession session =  req.getSession(false);

I have tried to use req.getSession().getAttribute("auth");, it return null; req.getSession().getAttribute("username") returns null too.

But when I try to debug or print by toString the session I get the following output (I've hidden private information):

     (java.lang.String) # HttpSessionImpl # 
 { 
 _iSession=# com.ibm.ws.session.store.memory.MemorySession # 
 { 
 _sessionId=f7ZHa1mIEnp3CDyMammVg1U
hashCode : 73409621
create time : Sun May 31 19:34:53 IDT 2015
last access : Sun May 31 19:35:23 IDT 2015
max inactive interval : 900
user name : user:**********/uid=******,c=il,OU=**,O=********
valid session : true
new session : false
overflowed : false
app name : default_host/*********

Attribute Names=[org.apache.myfaces.view.facelets.DefaultFaceletsStateManagementHelper.SERIALIZED_VIEW, jsf_sequence, org.apache.webbeans.web.failover, WebBeansConfigurationListener, facelets.ui.DebugOutput, javax.faces.request.charset]
 _refCount=1
 } 

 _httpSessionContext=com.ibm.ws.session.http.HttpSessionContextImpl@4cab3001
 }

So I decided that session keeps the data which I need, I just don't know how to get it.

When I tried to debug it deeper I found that it contains variable: _iSession of type MemorySession and inside it there's a variable _userName which contains the required data, but again, I couldn't get it.

I've tried to cast this object to HttpSessionImpl but get an error: could not resolve type: com.ibm.ws.session.http.HttpSessionImpl

The next step to get the required data is by using reflection, but I'm sure that it's wrong way. It should be much more convenient way to access it.

Thank you for any help.

Community
  • 1
  • 1
Anatoly
  • 5,056
  • 9
  • 62
  • 136
  • What exactly have you placed in session with name `auth` or `username`? This information is missing in the question. The answer which you're linking to tells one way, but you're nowhere confirming that. – BalusC Jun 01 '15 at 08:32
  • @BalusC, I didn't placed anything. I was sure that JSF do this work under the hood. I think I understood my mistake. I should place this value in session when I perform login (but where can I do it? I use Websphere's login mechanism). Another solution which I'm going to use is `@Inject` my CDI `propertiesBean` which is `@SessionScope` and check by using it. Regarding what I'm trying to do. Inside group of user which can login to application there's a small group who permitted to use it, and I need to restrict access from other users. – Anatoly Jun 01 '15 at 09:22
  • In the end I've used this method to extract `userName` http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser() together with injected @EJB bean. It works great but me disturbing this sentence from API : Whether the user name is sent with each subsequent request depends on the browser and type of authentication. Don't know should I worry or not. – Anatoly Jun 01 '15 at 16:35

0 Answers0