I'm new here, but reading many times this pages. I have a complex problem, and i'm not native english so excuse me in the first places if i don't have understandable.
I write a portlet to our old Oracle Portal 10g server. In the portlet a javascript function posts some data with ajax to a servlet.
I want to identify the user, when calling servlet. Can i pass something from portlet session? Like in the portlet, there is a PortletRenderRequest, and i can get the username, and rights to that user.
My theory portlet function in short: its a form, if someone fill it, and send the data with javascript ajax to the servlet, i want to check, that sender have a rights to inserting data to the database (and what is her/his name). Now it works, that portlet gets user data and write to a input hidden element value, and the javascript read it, and send with the post, but that is easily hackable, and awful solution.
Now in theory it looks like this:
portlet.jsp:
<%
PortletRenderRequest pReq = (PortletRenderRequest)request.getAttribute(HttpCommonConstants.PORTLET_RENDER_REQUEST);
String userNev = pReq.getUser().getName();
session.setAttribute("username",userNev);
System.out.println("session ID in JSP: "+session.getId());
%>
<button class="btn" type="button">Upload data</button>
<script type="text/javascript">
$(function() {
$(".btn").click(function(){
/*.....*/
$.post( "/demo/servlet", poststring);
});
});
</script>
servlet:
public class servlet extends HttpServlet {
public void doPost(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
HttpSession session = (request.getSession());
System.out.println("Session ID in servlet: "+session.getId());
/*....*/
}
}
Currently it's running in JDeveloper 10.1.3.5.
Every page refresh shows different "session ID in JSP" in console, but "Session ID in servlet" not changing, so it has to be the right one.
So now only task is to put data in the right HttpSession, I just have to access somehow in the jsp page.
HttpSession Session = request.getSession(); on jsp page gives back wrong session (which is changing every refresh).
EDIT:
After all the question is answered by @Jonathan. It lead to additional question, like how to get HttpSession on jsp page?
I find out, that session = HttpSession = ProviderSession on jsp page, and not equal with HttpSession in servlet.
(if i set the login frequency on the provider registration page to "always", ProviderSession on jsp page didn't changing with page refresh)
I'm not really know the difference between ProviderSession and HttpSession, and how to access from one to another. If i can reach ProviderSession from servlet, it will be the same from point of usage?
Application Session exists in both Servlet and Portlet containers. It is one of the ways of sharing data (crude Inter-Portlet Communication) from the render phase to the action phase (or any lower phases) in the portlet containers. what is the difference between a portlet and a servlet?
So when a user logs into your application, you set a session variable, in this example "loggedInUser". Then in the servlet, before doing any database requests, you check if the session variable is empty or not. Like this:
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
HttpSession session = (request.getSession());
//check if there is a loggedInUser session variable
if(null == session.getAttribute("loggedInUser")){
request.setAttribute("pleaselogin", "Not Logged In. Login or register to do this.");
RequestDispatcher rd=request.getRequestDispatcher("Error.html");
rd.forward(request,response);
}else{
String username = (String) session.getAttribute("loggedInUser");
//do database logic
}
}