
So I have this JSF project that uses form based authentication. On the first attempt to open my JSF page, I get redirected to my login server. There the authentication takes place and on success I get redirected to my application. Unfortunately I don't know how to get the information that the authentication server provides, like username.

I have a page where a text is saying "Signed in as ". should be set by a ManagedBean with the method getCurrentUserPrincipal().

```xml
<h:outputText value="#{myBean.getCurrentUserPrincipal()}"/>
```

The method is currently empty. I tried it with WSSubject.getCallerPrincipal() and FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal() but that returned null. How can I get the information I need with that method? Is it even possible? I'm not sure what information you would need, so if something is missing, I will provide if I can.

Andy Guibert
kinglite
  • How can we know where **your** authentication server puts the information? This question is in no way java, jsf, servlets or java-ee related. – Kukeltje Dec 22 '17 at 15:54
  • Ok, where could the information be stored when I do a form based authentication (in web.xml). I get redirected to the login and on success back to my application. How is this not at least j2ee or servlet related? Let's say it is stored in a cookie: How can I get the information from there? Or LTPA token (same as cookie?)? What then? Btw. I'm using Liberty. Might I need some configuration in the server.xml? – kinglite Dec 22 '17 at 17:16

2 Answers


Inject the principal into your managed bean like:

```java
// Needs javax.inject.Inject and java.security.Principal
@Inject
private Principal principal;
```

Then, based on your HTML above for the outputText field, provide a getter in your managed bean, something like:

```java
// Returns the name of the authenticated caller for the "Signed in as" text
public String getCurrentUserPrincipal() {
    return principal.getName();
}
```

F Rowe

After some digging I found out that our authenticating server was a SiteMinder service and the information came back in a cookie (SMSESSION) and in header information of the response. So, it would be enough to read the header information to get the user name.

But the principal or subject would still return null. To get this and also make security work, I added a TAI to Liberty. How this is done, you can read here and here. My myTAI.jar is really simple. Because I have an LDAP registry configured, I need the user security name (String, e.g. uid=..,ou=..,ou=..) of the given username (header) for further authentication and return this:

```java
return TAIResult.create(HttpServletResponse.SC_OK, userSecName);
```

In the background Liberty will then do some further authentication and create the principal and subject. If everything is correctly configured and the user is authorized to enter the application, he will and will have principal and subject objects available.

kinglite
  • As you can see in the end, it is all not jsf, not java-ee (j2ee is the old abbreviation) and not servlet related in the sense that they do not play an active role in all this not working before... But great you solved it. – Kukeltje Jan 05 '18 at 09:51
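
A sketch of the kind of Liberty TAI the second answer describes, written as an added example and not the answerer's myTAI.jar: it only accepts the SiteMinder user header from an allowlisted proxy address and validates the value before building the security name, since a header sent directly to Liberty could otherwise be forged. Assumptions: the header name `SM_USER`, the property names `trustedProxies` and `userDnPattern`, the class name, and a DN pattern in place of whatever registry lookup the answer used.

```java
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;

// Added example. Assumed names: SM_USER header, "trustedProxies" and "userDnPattern" properties.
public class SiteMinderHeaderTAI implements TrustAssociationInterceptor {
    private static final String USER_HEADER = "SM_USER";
    private final Set<String> trustedProxies = new HashSet<>();
    private String userDnPattern; // constructed sample: "uid={user},ou=people,dc=example,dc=com"

    @Override
    public int initialize(Properties props) throws WebTrustAssociationFailedException {
        String proxies = props.getProperty("trustedProxies");
        userDnPattern = props.getProperty("userDnPattern");
        if (proxies == null || userDnPattern == null) {
            throw new WebTrustAssociationFailedException("trustedProxies and userDnPattern are required");
        }
        for (String p : proxies.split(",")) trustedProxies.add(p.trim());
        return 0; // 0 = initialized successfully
    }

    @Override
    public boolean isTargetInterceptor(HttpServletRequest req) {
        // Claim every request carrying the header so a forged one is rejected below, not ignored.
        return req.getHeader(USER_HEADER) != null;
    }

    @Override
    public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest req, HttpServletResponse resp)
            throws WebTrustAssociationFailedException {
        String user = req.getHeader(USER_HEADER);
        // The header is only trustworthy if the request came through the SiteMinder-protected proxy.
        boolean fromProxy = trustedProxies.contains(req.getRemoteAddr());
        // A strict character set keeps DN metacharacters (',', '=', '+') out of the security name.
        boolean wellFormed = user != null && user.matches("[A-Za-z0-9._-]{1,64}");
        if (!fromProxy || !wellFormed) {
            return TAIResult.create(HttpServletResponse.SC_FORBIDDEN);
        }
        String userSecName = userDnPattern.replace("{user}", user);
        return TAIResult.create(HttpServletResponse.SC_OK, userSecName);
    }
    @Override public String getVersion() { return "1.0"; }
    @Override public String getType() { return getClass().getName(); }
    @Override public void cleanup() { }
}
```

If a load balancer sits between the SiteMinder agent and Liberty, `getRemoteAddr()` returns the balancer's address, so that is the address to allowlist.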