Hii all,
I have come across something strange to me.
WM have an java API “Session”, session.getUser() gives the name of the logged in user.
In our application sometimes this service gives “default” as the user name while we are logging in using a proper user.
does anyone come across this kind of situation?
Any help will be highly appreciable.
The default session that is created is expected behaviour.
When a User connects to the IS Admin Console, even before the Authentication a default user is created and the entry is made into Session logs. After that he logs in and when he logs out, then the user details are logged that the session has ended. Once the user logs out another session is created and then this session is also killed. Therefore we have four entries in the session log. For example (if say Administrator is the user) the log entry will have following entry of username
Default->Administrator->Administrator->Default.
Below links explains in details.
[URL]https://advantage.webmethods.com/advantage?targChanId=kb_home&oid=1614327351[/URL]
[URL]https://advantage.webmethods.com/advantage?targChanId=kb_home&oid=1612095185[/URL]
Jiten
Thx for the quick response
I also got this information on WM Advantage site, wherever my concern is how to get the actual user name.
You cannot get the user name at that point because there isn’t one to get. The Default session is equivalent to anonymous access. After the user logs in, then you can get the user name.
Thx reamon,
The actual logged in user is Administrator even then it is giving as default.
that is also not a consistence behaviour, some time it gives the correct logged in user name, while some time it gives default.
I see. There is something going on with session management that we don’t understand fully or there may be a coding issue. You might ping wM tech support to see if they can shed some light on what is happening.
As per the details on the advantage, I understand that before user get authenticated by IS, a default user/sessoin is created and as soon as user gets logged in and actual session gets created.
How do you ensure the user Administrator has logged in and his session has been created. User Administrator might be in the process of authentication and thats exactly when you try to get session it gives default.
Jiten
Ok…I just confirm this behavior. Initially I can see only 1 session from user Administrator on my IS Admin page. I then tried connecting to IS Admin page from other machine and I got pop up for entering username/password. During this time if I again check number of session on IS admin, it shows two session one is the original and other is the default that just got created.
And then when I enter username/password for the second login and then i check the number of session, its again two. But the default session got convertered into the actual session.
I believe, if session.getUser() is used in a child service, username will be returned as default whereas if its current service, it will give you proper username.
In the IS admin guide, section:
Basic Authentication (User Names and Passwords)
you can see: If the client doesn’t provide username/password, the server will “proceeds using the Default user account”.
You mentioned it’s random that some session are Default, that means some client just start the connection without present username/password.
If you allow the Anonymous access to your service (in which you are doing getUser()), you will get Default.
If you doesn’t expect client to access your service anonymously, change the ACL setting to avoid the Default user have access to your service.
That way, only the value user (with valid account) will reach your service, and you will alway get a real username using getUser()