Daniele Licitra

Reputation: 1608

JAAS and web service authorization: get logged user

I have a JSF application that does login via JAAS. It works fine.

Now, my page calls a REST web service. I need to know who did the request.

In the request's header I have:

Cookie = JSESSIONID=XBHZuYnzgkGyQSR8kBLNSks_s7nuXAMli7Gp-9Mn.dlicitra; _ga=GA1.1.1590792307.1560863707

The web service is implemented in a Stateless EJB. The method is:

@Path(value = "myservice/{id}")
@GET
@Produces(value = "application/json")
public List<Records> getServices(
        @HeaderParam(value = "Cookie") String cookie,
        @PathParam(value = "id") Long id){
    return ... ;
}

How can I get the logged user from the cookie string?

Upvotes: 1

Views: 415

Answers (1)

perissf

Reputation: 16273

As explained in the comment, instead of messing with parsing or decoding the cookie's session ID, I'd go with the Java EE security API's built-in solution of injecting the SecurityContext into the EJB and getting the userPrincipal from it:

@Context
private SecurityContext securityContext;

And in your method:

Principal principal = securityContext.getUserPrincipal();

See also:

Baeldung's post on Java EE 8 Security API

Upvotes: 1
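
An added example (not code from either post) that puts the answer's approach into a complete resource class: the caller's identity is taken from the container-authenticated `SecurityContext` instead of the `Cookie` header, and a request with no authenticated principal is rejected. The class name `MyServiceResource`, the fields of `Records` and the `findForUser` helper are hypothetical, and the `javax.*` namespace (Java EE 7/8) is assumed.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.List;
import javax.ejb.Stateless;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext; // the JAX-RS type that @Context injects

@Stateless
@Path("myservice")
public class MyServiceResource { // hypothetical class name

    // Hypothetical payload type standing in for the question's Records class.
    public static class Records {
        public Long id;
        public String owner;
    }

    @Context
    private SecurityContext securityContext;

    @GET
    @Path("{id}")
    @Produces(MediaType.APPLICATION_JSON)
    public List<Records> getServices(@PathParam("id") Long id) {
        // Identity comes from the container's authenticated session,
        // never from a value the client can set (header, cookie text, query).
        Principal principal = securityContext.getUserPrincipal();
        if (principal == null) {
            // The request reached the method without an authenticated caller.
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
        return findForUser(principal.getName(), id);
    }

    // Hypothetical data access: scope the lookup to the authenticated user
    // so one user cannot read another user's records by changing {id}.
    private List<Records> findForUser(String username, Long id) {
        return Collections.emptyList(); // replace with a query filtered by username
    }
}
```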
