I am building a web application for an intranet, and I was required to implement single sign-on, i.e. authenticate the user based on his system (PC/laptop) username. Until today I was very happy, since every time I tested my login page it picked up my system username and logged me in without asking for a username. That is what I needed. However, today, just to test my application from another system in the intranet, when I opened the login page it still picked up my own username. Just to make things more clear, here is an example: if my system's name is User1, this login page should pick up User1, authenticate with the database and take me to the home page. However, when I tested my login page from a different system which has username User2, the login page still picked up my own system's username, i.e. User1, not User2, although I was logging in from system User2.
Can someone please throw light on my mistake or something I missed? Is username = System.getProperty("user.name"); the right method to pick up the username from different systems accessing my login page?
Some detail about configuration:
Here is my controller class code snippet
    public boolean validateUser(String username) {
        String sysName = System.getProperty("user.name");
        System.out.println("System User is: " + sysName);
        if (username.equalsIgnoreCase(sysName)) {
            String checkUser = (String) entityManager
                    .createQuery(
                            "select u.username from User u where u.username =:username")
                    .setParameter("username", username).getSingleResult();
            System.out.println("User found in database: " + checkUser);
            if (checkUser.equalsIgnoreCase(username)) {
                System.out.println("Loggin sucessful!");
                return true;
            } else {
                System.out.println("User does not exists in the system. Thus second failed");
                return false;
            }
        } else {
            System.out.println("User not logged in from own system thus first failed");
            return false;
        }
    }
My ManagedBean class code snippet
    public String username = System.getProperty("user.name");
    // private String username;

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String login() {
        FacesContext context = FacesContext.getCurrentInstance();
        if (uDB.validateUser(username)) {
            userId = uDB.findUser(username);
            context.getExternalContext().getSessionMap().put("userId", userId);
            if (uGDB.validateGroup(userId)) {
                return "home.jsf?faces-redirect=true&includeViewParams=true";
            }
            return "normalHome.jsf?faces-redirect=true&includeViewParams=true";
        } else {
            FacesMessage message = new FacesMessage();
            message.setSeverity(FacesMessage.SEVERITY_ERROR);
            message.setSummary("Username doesn't exists! OR User is trying to login from someone else's account");
            context.addMessage("", message);
            return null;
        }
    }
OK, so I thought to extend my question with my current findings and what I implemented a while ago. Below is my SSOApplet.class I wrote to get the username from the system.
SSOApplet.class
    import java.applet.Applet;

    public class SSOApplet extends Applet {
        /**
         *
         */
        private static final long serialVersionUID = 1L;
        String sysUser = null;

        public String getSystemUsername() {
            try {
                sysUser = System.getProperty("user.name");
                return sysUser;
            } catch (Exception e) {
                System.out.println(e);
                return null;
            }
        }
    }
And then I plugged it into my XHTML page inside the body
    <object>
        <param name="myApplet" value="SSOApplet.class" />
    </object>
Now I am trying to find out how I can pass this string value from the applet to the loginBean. I am totally clueless on the next step. I tried to google the answer, but all I could understand from that is that I have to write JavaScript now, in order to set the value of the username which the applet picked up. Can someone please guide me on what my correct next step should be? How can I now pass the system username to my loginBean without prompting the user for any input?
Java/JSF code does not run in the web browser. It runs on physically the same machine as where the web server runs. It does not run on the machine where the web browser runs. The process is as follows:
Your mistake is that you somehow expected that Java/JSF code runs in the client side. This is a pretty major misunderstanding.
Basically, in order to run Java code on the client side, you need to create a Java applet or Java Web Start application and embed it in the HTML output via the <object> element. This way the client will download the Java program and execute it locally (thus, on physically the same machine as where the web browser runs). Note that this environment is usually sandboxed; you may need to sign it in order to have more permissions, such as obtaining the system information.
However, for your concrete functional requirement, likely a completely different solution ought to be sought. Look at mechanisms like single sign on (SSO) and/or LDAP. Contact the server admin for details.
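The answer's point as an added example (not code from the question or the answer): once the container authenticates requests through SSO, the username is taken from the authenticated principal, never from `System.getProperty("user.name")` on the server or from a value the browser or an applet submits, since the client controls that value. The class name, `TRUSTED_REALM` and `TRUSTED_DOMAIN` are assumptions, and the sample principals are constructed.

```java
import java.security.Principal;
import java.util.Optional;

public class SsoIdentity {
    // Assumption: the one Kerberos realm / Windows domain this intranet trusts (placeholder values).
    static final String TRUSTED_REALM = "EXAMPLE.LOCAL";
    static final String TRUSTED_DOMAIN = "EXAMPLE";

    /**
     * In a JSF bean the principal would come from
     * FacesContext.getCurrentInstance().getExternalContext().getUserPrincipal(),
     * which is non-null only after the container has authenticated the request.
     */
    static Optional<String> resolveUser(Principal authenticated) {
        if (authenticated == null || authenticated.getName() == null) {
            return Optional.empty();            // unauthenticated: no fallback to user.name or a form field
        }
        String name = authenticated.getName().trim();
        int at = name.lastIndexOf('@');
        int slash = name.indexOf('\\');
        String account;
        if (at > 0) {                           // Kerberos style: user@REALM
            if (!name.substring(at + 1).equalsIgnoreCase(TRUSTED_REALM)) return Optional.empty();
            account = name.substring(0, at);
        } else if (slash > 0) {                 // Windows style: DOMAIN\\user
            if (!name.substring(0, slash).equalsIgnoreCase(TRUSTED_DOMAIN)) return Optional.empty();
            account = name.substring(slash + 1);
        } else {
            account = name;                     // container already returns a bare account name
        }
        // Reject anything that is not a plain account name before it reaches the database lookup.
        if (!account.matches("[A-Za-z0-9._-]{1,64}")) return Optional.empty();
        return Optional.of(account);
    }

    public static void main(String[] args) {
        // Constructed sample principals, not captured from a real system.
        String[] samples = { "User2@EXAMPLE.LOCAL", "EXAMPLE\\User2", "User2@OTHER.LOCAL", "User2" };
        for (String s : samples) {
            Principal p = () -> s;              // Principal's only abstract method is getName()
            System.out.println(s + " -> " + resolveUser(p).orElse("<rejected>"));
        }
        System.out.println("null -> " + resolveUser(null).orElse("<rejected>"));
        // For contrast: the account running the server JVM, identical for every visitor.
        System.out.println("server user.name = " + System.getProperty("user.name"));
    }
}
```

The realm check matters when the name is stripped down to an account: without it, `User2` from an untrusted realm would map to the same database row as the intranet's own `User2`.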