Requiring Authentication

Use

The first step in protecting access to the car rental application is to require user authentication. For this purpose, you will use the methods getLoggedInUser()and forceLoggedInUser(). These methods are available with the UMFactory.

getLoggedInUser() returns a currently logged in user. If no user is logged on, then use forceLoggedInUser() to request for authentication.

The two methods used in this tutorial for processing user input are the POST and GET methods. Therefore, you need to include the authentication checks in both the doGet() and doPost() methods in the JSP application.

Prerequisites

The J2EE Perspective is displayed in the SAP NetWeaver Developer Studio.

The quick car rental application’s projects are displayed in the J2EE Explorer.

Procedure

...

       1.      Expand J2EE_QuickCarRentalWeb ® source ® com ® sap ®engine ® examples ®servlet ® quickcarrental.

       2.      Open the QuickReservationServlet.java file.

The servlet code appears in the multi-tab editor.

       3.      Insert the imports for the UME classes.

import com.sap.security.api.IUser;
import com.sap.security.api.UMFactory;

       4.      In the doGet() section, insert the code for checking for a logged on user using the getLoggedInUser() method. If no user is logged on, then require authentication using the forceLoggedInUser() method. See the code sample below.

   protected void doGet(
      HttpServletRequest request,
      HttpServletResponse response)
      throws ServletException, IOException {


      IUser user =
         UMFactory.getAuthenticator().getLoggedInUser(request, response);
     
if (null == user) {
         UMFactory.getAuthenticator().forceLoggedInUser(request,
            response);
        
return;
      }

      doWork(request, response);
   }

       5.      Also insert the code in the doPost() section:

   protected void doPost(
      HttpServletRequest request,
      HttpServletResponse response)
      throws ServletException, IOException {


      IUser user =
         UMFactory.getAuthenticator().getLoggedInUser(request, response);
     
if (null == user) {
         UMFactory.getAuthenticator().forceLoggedInUser(request,
            response);
        
return;
      }

      doWork(request, response);
   }

       6.      Save the file.

Result

The application will now require user authentication.

Next Step:

Creating the Permission Class for the JSP