RE: Getting username in webfacing -- WDSCI-L

Does anybody know the name of this bean? Maybe the
folks from IBM?

Thanks.

--- "Gibbons, Michael" <bmis04@xxxxxxxxxxxxxxx> wrote:

> I would think if you could determine the name of the
> bean webfacing is using
> and the exact filed name you could add it to your
> jsp and then do 
> 
> <jsp:useBean id="webfacebean" class="packageName"
> scope="session" />
> 
> <%
> String user = webfacebean.getUsername();
> %>
> Or 
> <%
> String user = request.getParameter("username"); 
> %>
> 
> Either way you need to know the exact field name.
> 
> The version of was can make a difference. Single
> signon can also be solved
> by the ldap server.
> 
> Hope this helps 
> 
> -----Original Message-----
> From: Mark Phippard [mailto:MarkP@xxxxxxxxxxxxxxx] 
> Sent: Thursday, June 23, 2005 11:25 AM
> To: Websphere Development Studio Client for iSeries
> Subject: Re: [WDSCI-L] Getting username in webfacing
> 
> wdsci-l-bounces@xxxxxxxxxxxx wrote on 06/23/2005
> 10:51:08 AM:
> 
> > I'm triyng to limit access to a WebFaced
> application based on username 
> > and ip address, how can I get the username in JSP?
> > 
> > If anybody can help me it would be great.
> 
> I do not know what WebFacing offers in this area,
> but ideally you solve this
> problem at the Apache or WebSphere level.  Force the
> login at that level,
> and let it protect your application as you desire. 
> This has the added
> advantage of letting you implement an Single Sign-On
> solution someday. 
> 
> In this scenario the user tries to access a URL.  If
> necessary, Apache or
> WAS will challenge the user for their ID and
> password.  It will then permit
> or deny access according to your rules.  Only when
> they are allowed, do they
> now hit your WebFacing code.  Ideally, WebFacing
> apps have the ability to
> pick up the identity of the user from the login they
> provided to Apache or
> WAS so that they do not have to login again. 
> 
> Besides the easy security benefits, the user can
> move from app to app on
> your server without logging in again.  The browser
> and Apache/WAS will
> handle all of that negotiation.  Also, if you
> implement SSO, they might not
> need to login at all.  Their client login will
> provide their credentials to
> Apache/WAS.
> 
> Mark
> 
> 
>
____________________________________________________________________________
> _
> Scanned for SoftLanding Systems, Inc. by IBM Email
> Security Management
> Services powered by MessageLabs. 
>
____________________________________________________________________________
> _
> --
> This is the Websphere Development Studio Client for
> iSeries  (WDSCI-L)
> mailing list To post a message email:
> WDSCI-L@xxxxxxxxxxxx To subscribe,
> unsubscribe, or change list options,
> visit:
> http://lists.midrange.com/mailman/listinfo/wdsci-l
> or email: WDSCI-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the
> archives at
> http://archive.midrange.com/wdsci-l.
> -- 
> This is the Websphere Development Studio Client for
> iSeries  (WDSCI-L) mailing list
> To post a message email: WDSCI-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit:
> http://lists.midrange.com/mailman/listinfo/wdsci-l
> or email: WDSCI-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the
> archives
> at http://archive.midrange.com/wdsci-l.
> 




__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com