1

How can I programmatically know, in my web app, the username and password or user role of the user who is currently logged into Tomcat, on which the app is deployed?

River

1 Answer

4

This information is available via HttpServletRequest and thus inherently also via ExternalContext.

The following methods are available:

```java
// getUserPrincipal() returns a java.security.Principal
String username = externalContext.getRemoteUser();
Principal principal = externalContext.getUserPrincipal();
boolean admin = externalContext.isUserInRole("ADMIN");
```

You cannot get the password in any way for security reasons.

Note that the HttpServletRequest is available as #{request} in EL. So the following should also be possible:

```xml
<p>Welcome, #{request.remoteUser}</p>

<h:panelGroup id="adminPanel" rendered="#{request.isUserInRole('ADMIN')}">
    ...
</h:panelGroup>
```
BalusC
  • Thanks a lot. How can we log out the Tomcat user from within our web app? –  May 28 '12 at 12:49
  • 1
    Invalidate the session in bean's action method by `ExternalContext#invalidateSession()` (and send a redirect afterwards). – BalusC May 28 '12 at 12:58
  • The Tomcat session is not invalidating; I have tried all methods on different browsers. Is there anything we have to set in the Tomcat configuration to allow Tomcat logout? –  May 28 '12 at 14:27
  • You're using `j_security_check` to log in, right? The invalidate should do. That it doesn't seem to work can be caused by not properly redirecting after invalidate or by seeing the pages which are actually served by browser cache instead of straight from the server. See also http://stackoverflow.com/questions/10305718/avoid-back-button-on-jsfprimefaces-application – BalusC May 28 '12 at 14:36
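
The answer and comments above put together, as an added example that is not part of the original thread: a JSF 2.x bean (`javax.*` namespace assumed) that exposes the container-authenticated user and a logout action that invalidates the session and redirects, plus a no-cache filter for the browser-cache issue raised in the last comment. `AuthBean`, `/login.xhtml` and `/secured/*` are assumed names.

```java
import java.io.IOException;
import java.security.Principal;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.RequestScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

// Added example: AuthBean, /login.xhtml and /secured/* are assumed names.
@ManagedBean
@RequestScoped
public class AuthBean {
    private static ExternalContext ec() {
        return FacesContext.getCurrentInstance().getExternalContext();
    }

    // Container-authenticated login name, or null for an anonymous request.
    public String getUsername() {
        Principal p = ec().getUserPrincipal();
        return p != null ? p.getName() : null;
    }

    public boolean isAdmin() {
        return ec().isUserInRole("ADMIN");
    }

    // Action method: invalidate the session, then redirect so the browser issues a new request.
    public void logout() throws IOException {
        ExternalContext ec = ec();
        ec.invalidateSession();
        ec.redirect(ec.getRequestContextPath() + "/login.xhtml");
    }

    // Nested only to keep the example in one file. Tells browsers not to cache
    // restricted pages, so a logged-out user is not shown a cached copy.
    @WebFilter("/secured/*")
    public static class NoCacheFilter implements Filter {
        public void init(FilterConfig cfg) {}
        public void destroy() {}
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletResponse r = (HttpServletResponse) res;
            r.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
            r.setHeader("Pragma", "no-cache");
            r.setDateHeader("Expires", 0);
            chain.doFilter(req, res);
        }
    }
}
```

In a view, the bean would be used as `#{authBean.username}`, `rendered="#{authBean.admin}"` and `action="#{authBean.logout}"`.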