Home > JAVA EE, secure > How to get information about user using Servlet

How to get information about user using Servlet

Friday, 21 January, 2011 Leave a comment Go to comments

The method getRemoteUser() of the HttpServletRequest gives the username of the client. With the remote user’s name, a servlet can save information about each client. Over the long term, it can remember each individual’s preferences. For the short term, it can remember the series of pages, viewed by the client and use them to add a sense of state to a stateless HTTP protocol.

A simple servlet that uses getRemoteUser() can greet its clients by name and remember when each last logged in as shown in the example below:

import java.io.*;
import java.sql.Date;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class PersonalizedWelcome extends HttpServlet{
    Hashtable accesses = new Hashtable();
    public void doGet(HttpServletRequest req,HttpServletResponse res)
            throws ServletException,IOException{
        PrintWriter out= res.getWriter();
        // Some introductory HTML...
        String remoteUser = req.getRemoteUser();
        // See if the client is allowed
        if(remoteUser == null){
        } else{
            out.println("Welcome " + remoteUser + "!");
            Date lastAccess = (Date)accesses.get(remoteUser);
                out.println("This last visit was "  + accesses.get(remoteUser));
                out.println("Shall we play  a game");
            accesses.put(remoteUser, new Date());
        //continue handling the request

The following HttpServletRequest interface methods are also available to access security information about the component’s caller:

getRemoteUser: This method is called to get the user name with which the client authenticated. It returns the name of remote user associated by the container with the request. If no user has been authenticated, the method returns null.
isUserInRole: This method determines whether a remote user is in a specific security role. If no user has been authenticated, it returns false. This method expects a String user role-name parameter. The security-role-ref element should be declared in the deployment descriptor with a role-name sub-element containing the role name to be passed to the method.
getUserPrincipal: The getUserPrinicipal method is called to determine the principal name of the current user and returns a java.security.Principal object. If no user has been authenticated, it returns null. Calling the getName method on the Principal returned by getUserPrincipal returns the name of the remote user.

getRemoteUser() [java.lang.String]
Returns the login of the user making this request, if the user has been authenticated, or null if the user has not been authenticated.

isUserInRole(String role) [boolean]
Returns a boolean indicating whether the authenticated user is included in the specified logical “role”.

getUserPrincipal() [java.security.Principal]
Returns a java.security.Principal object containing the name of the current authenticated user

1 w3
2 w3
3 w3

Categories: JAVA EE, secure Tags: ,
  1. Friday, 21 January, 2011 at 4:01 pm
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: