I am developing a web application using Oracle ADF. In my web application user has to log in to access web application. Application is working fine. Now I need to enable a feature like once a user has logged In and due to some reasons he closed a tab not the browser. So whenever he try to access the same application he do not need to login again. Since browser has not closed the user has to be automatically logged in.
For this I googled a lot and got information that we can achieve this using browser cache and servlet filters. I got information from This Stackoverflow question. But I don't know how to implement Filters and all in Oracle ADF web application. Please help on this.
Thanks in advance.
If the user is closing ONLY the tab containing the application, but not the browser, the user doesn't need to login again - this is how authentication works with Java Servlet API and ADF is built on this API. This happens because all browser tabs share the same http session and JSESSIONID cookie is stored at session level.
You can try logging on, close the tab, open another tab and type in the url directly to your home page (.../faces/main.jsf). This should get you in without login required.
Related
Hi i have created my web application in java to authenticate my application i can check the credentials in active directory. If user typed his user name and password means it works fine.
My question is, if the user already logged in his personal computer which is present in the domain by using his username and password. If the user open my web application means i need to go inside the home page without typed the username and password in the login page. How can i do this? Thanks in Advance.
Once the user is logged in successfully you can store some attributes in the session. You can then check on each page load whether the session is valid before allowing access. At a more comprehensive level this can be done using a Filter. Read a little bit on sessions here https://docs.oracle.com/cd/E19644-01/817-5451/dwsessn.html
If you want to read credentials from a user's browser, as someone suggested search Single Sign-on (SSO). There are a number of ways SSO can be implemented by your application, Kerberos-SPNEGO might be most suited for your requirement. But you can make a call once you have better understanding of SSO concepts.
I am using SessionAware of Struts2 for creating session. When we create session JSESSIONID is added in cookies. But when i quit browser then JSESSIONID is delete. So after quiting browser, When i again open application, it shows that user is not login.
How can i do in struts2 that JSESSIONID should not deleted when browser is closed.
The lifetime of a session is coupled with the browser. After you've closed the last instance (window, tab) of the browser, the JSESSIONID expires.
You need to carefully analyze pros and cons of allowing a user to relogin automatically after the browser has been closed, but if you still want to implement the Remember me feature, this is a must-read:
PART II: How To Remain Logged In - The Infamous "Remember Me" Checkbox
That it how session work. If you want to secure your application with login feature, you shouldn't allow an user to access your application easy by just open the browser. How if someone forget to log out.
However, if you still want to store some in browser, use normal cookie and set expiry time.
How can I retrieve the credentials for the currently logged-in Windows user that accessing my web application in java
From a standalone application, I can access the user id of a logged-in window user using
com.sun.security.auth.module.NTSystem NTSystem = new com.sun.security.auth.module.NTSystem();
System.out.println(NTSystem.getName());
However, this will not work for web app, since it will always print out the id of the user that running Tomcat, not the id of the user who accessing the web application
I see this being done before, that if I access a website via IE, it automatically log me in, but I use other browser, then a log-in box pop out. Any idea how to achieve this, thank you?
My web app is written in JSF with Tomcat 7.
You need to use a library that can receive the Kerberos token that IE will sent (assuming that it is configured with Integrated Windows Authentication).
There are multiple approaches/libraries to doing this, which are well documented on Apache's site for Tomcat. Here you go: http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html
You have some different options to achieve this. Tomcat has some suggestions on their homepage. I've used both IIS fronting and the spring-security kerberos extension and they work just fine.
I'm trying to implement a Facebook login for my site and am having a world of trouble. I understand the difference between the client (JavaScript SDK) and server-side implementations, but am confused as to which is the correct approach. What I need is to store the user's info in my database (userID, email, name, etc.), so I know I'll need the data on the server side. I don't want to log in via the JS SDK and send the data to the back end because it can easily be spoofed, so here's what I tried:
I've tried using the SDK and, once the user is logged in, refreshing the page to check for the cookie that Facebook puts in the session, but it doesn't seem to be present; the only cookie that's there is the session id.
Additionally, I tried doing a server-side implementation, but this caused the Facebook log in screen to be in the main browser window instead of a popup. This is undesirable because it takes the user away from my site. To force the login workflow to be in a separate window, I've thought about popping up a child window that points to my login url that ultimately redirects to Facebook, but then I don't know when the user is done logging in (I'd need to refresh the main page to hide the facebook login button, etc.).
Any help or ideas would be greatly appreciated! I'd like to do this the right way... not the easy way!
Bottom line: use spring-social in java applications for connection to the social networks. It's cake!
There is no official Facebook API for standard Java that I am aware of. Specifically for Facebook, your java app can use the REST API here http://restfb.com/
I have created a java web application using spring. I want the users of my application can be logged automatically into my application when they are logged into facebook. Any help will be highly appreciated.
It depends of your app. BTW, facebook have good documentation about this, you have to use javascript auth (there are many examples), with manually processing result or using facebook-java-api (look at FacebookSignatureUtil for example).
PS you have to register your webapp at facebook before using facebook connect
I don't think it is possible for you to get user to automatically logged into your app. Facebook stores the log in token in a cookie, this cookie will get passed back to same server, not to your server.
The click, will send request to facebook and you will get authentication token from facebook.
In fact, it is possible for facebook login button to log you into site even if user is logged out of facebook. You need to ask for "offline_access" permission.