Access to Users Session data in a Filter

Is there a way to get access to a user's session data inside a Servlet Filter? I see you have access to the Servlet Context, but that doesn't include the getSession() function. How would I do this?
Thanks

Its pretty straight forward to get the session from a filter
public void doFilter(ServletRequest request,ServletResponse response, FilterChain chain){
HttpServletRequest req = (HttpServletRequest) request;
HttpSession session = req.getSession(true);
}

Similar Messages

Use BEx variable for user input data, not to filter.

Hi,
I have a situation where I am displaying notification task data. Each header notif has a number of tasks. These tasks are marked either newest, oldest or no mark (in the middle) for each different task code.
Using VKF's and by passing the user entered variables for newest and oldest I am able to make KF calculations.
So if I have a notif that is like this:
Notif XYZ
Task 1 Code: SCM     Date: 1/1/2000
Task 2 Code: SCM     Date: 1/4/2000
Task 3 Code: SCK     Date: 1/10/2000
If the user selects Newest = SCM and Oldest = SCK
The key figure would use those 2 different notif tasks to calculate.
This works fine.
My problem now is that since the data is displayed at the line level. When the user enteres his choices for task code, BEx will filter to find one single task item that has both the Newest and Oldest values that the user entered. It will return no data.
Example:
NOTIF    TASK      NEWEST     OLDEST
XYZ.........1.......SCM
XYZ.........3..................SCK
If user enteres Newest = SCM and OLDEST = SCK
It will look for one line with both value, returning nothing.
So, I want to simply use the BEx selection screen to pass values to my virtual code (which I already have working)- but I do not want the report to filter on a notification that only has both values as OLDEST and NEWEST tasks.
Is this possible? To deactivate the BEx filtering for two infoobjects thus only passing the user entered values to my CMOD code?
Any help/suggestions would be appreciated.
Thanks in advance,
Brandon

Hi Prakash,
Can you explain what you mean? I know using a text variable would allow me to take the user entry and apply it to the header of a column... but how would it disable filtering on what was entered?
Thx

Sharing User Session data

I have multiple java applications ( applet and jsp based) interacting with a common middleware ( statefull and stateless ejbs no entity beans).
Users initiate sessions from individual application and now need to share the state data information across the multiple applications ..
Any suggestions / tips / sample code ??

In J2EE, "sharing data" typically implies the use of entity EJBs.
There are other ways to accomplish this, for example in a single server you
can share data between clients using an in-memory cache (instead of a
database), and this is often implemented as a static Hashtable or something
similar. Be careful though ... providing your own "shared data store" is not
a "standard" like EJB, and there are implications if you try to run in a
cluster (see our Coherence product ;-).
Peace,
Cameron Purdy
Tangosol, Inc.
Clustering Weblogic? You're either using Coherence, or you should be!
Download a Tangosol Coherence eval today at http://www.tangosol.com/
"rajk" <[email protected]> wrote in message
news:3c9eb6ab$[email protected]..
I have multiple java applications ( applet and jsp based) interacting witha common middleware ( statefull and stateless ejbs no entity beans).
Users initiate sessions from individual application and now need to sharethe state data information across the multiple applications ..
Any suggestions / tips / sample code ??

Aaa network access limit user session

Hi, I'd like to limit a user to one authenticated session in aaa network access, with ASA and ACS.
Is tacacs+ accounting necessary ?
thank you in advance
RS

I have never done it with Cisco ACS so I can not offer much support on this.
However, I've done it many times on Cisco Freeware TACACS+ and it is very easy.
1- in Cisco Freeware tacacs, include "max-session = 1" under either the user
profile or group file definition.
2- in the router itself, you need to enable "ip finger". This will allow the
TACACS+ server to querry the router everytime there is a new attempt to loggin.
If you already have a session to the router, TACACS+ server will see this and
reject a new session for that same user. If the login ID is different than what
is already connected to the router, it will then be accepted:
C7140#who
Line User Host(s) Idle Location
0 con 0 idle 11w2d
* 2 vty 0 cciesec idle 00:00:00 192.168.15.9
Interface User Mode Idle Peer Address
C7140#
Now if user "cciesec" tries to login again through another session, it will
be rejected by the TACACS server:
[root@LinuxES-lab1 root]# finger @192.168.15.1
Line User Host(s) Idle Location
0 con 0 idle 11w2d
2 vty 0 cciesec idle 00:04:00 192.168.15.9
* 3 vty 1 idle 00:00:00 192.168.128.100
Interface User Mode Idle Peer Address
[root@LinuxES-lab1 root]#
Easy right?

Can't access old user profile data (folders with - signs)

Hi,
My iMac (model below) running 10.6.8 would not load from the start-up screen, so I reinstalled the OS from the instalation discs. After doing so I was able to gain access the desktop, but had been assigned a new user profile. My previous music, email, photos etc. were stored in a "previous system" folder, and while I can access the overall folder many of the sub-folders have a in the lower corner which keeps me from being able to open/access them.
Is there a way for me to open or move these files? Or perhaps reinstate this "previous user" to the system?
I am further stuck because I purchased the upgrade from 10.4, to 10.6 electronicially and now can't access the information needed to return to that system.
Any helpw would be greatly appreciated.
Thanks, Scott

Thanks Again Niel, you are super fast!!!
I went to the system preferences and then user and saw that the only user currently was also marked as "Admin". So I tried it again with my photos folder and entered the longer name and password I set up and it worked. What was different was that I changed the Admin name from the "short" name put in the field automatically to the "longer" name along with the password.
Not sure how this going to work with my email or how to get back to my upgraded version of Mac OS, but I guess I can keep playing with it and see.
Thanks again,
Scott

How do I access session data through an EJB?

Hi
How do I access session data through an EJB?
I am currantly developing a Web service (using ejb's, JBoss.net and Apache Axis). A client making a call to this Web service, is expecting a bussiness-object in return. My problem is that this bussiness-object i stored in a users session data. How do I retrieve this bussiness-object from the users session.
I have read that this does not work with httpsessions, is this true? If this is true, is it possible to store the bussiness object in a JavaBean e.g:
<jsp:useBean id="userContextWebImpl" scope="session" class="com.ac.march.client.UserContextWebImpl">
<%
String key = "test";
String value = "This is the value";
userContextWebImpl.setValue( key, value1 );
%>
</jsp:useBean>
and then retrieve this information through the EJB? Or is it possible to do this by using Statfull JavaBeans? Or can this be done through a nother solution?
Please help!

I have created a JavaBean with scope="application" to store some data. The data is stored when a user prefomes a spesific task.
A different person then makes a call to a Web-Service on the server. The Web-Service then asks an EJB to retrieve the data stored in the JavaBean (servlet cotext). In other words: How do I retrieve this data from the EJB?
I have tried with this code, but with no luck.
(ApplicationContextWebImpl is the JavaBean)
public static String getBookingResult( String key )
     String myResult = null;
     String myKey = key;
     ApplicationContextWebImpl applicationContextWebImpl = null;
     try
          applicationContextWebImpl = new ApplicationContextWebImpl();
          myResult = (String)applicationContextWebImpl.getValue( key );
     catch ( java.rmi.RemoteException e )
     return myResult;
}

Accessing Managed Session Bean in Servlet Filter

I wrote a Servlet Filter to handle user authentication. Now I'm trying to access my Managed Session Bean in the filter in order to save the current user. Unfortunately the Session Bean is created after the Filter executes for the first time.
I'm trying to access the Session Bean in this way:
(SessionBean) FacesContext.getCurrentInstance().getExternalContext().getSessionMap().get("sessionBean");
In this case getExternalContext() is equals null.
Is there any way to create the Session bean before the filter executes or any other ideas how to handle this?
I already searched around the internet but couldnt figure out something.
Thanks guys,
Paul

Ok, fixed it like this. Works perfect. JSF finds and uses the handmade Session Bean as well.
if(request.getSession().getAttribute(BeanNames.SESSION_SCOPE_BEAN) == null) {
SessionBean sessionBean = new SessionBean();
request.getSession().setAttribute(BeanNames.SESSION_SCOPE_BEAN, sessionBean);
}Thanks,
Paul

Shared Session Data

Hello Everyone,
I have a problem that I could not seem to find a solution or best methods and practices for.
I have session level data abstracted by a package API and accessed query-inline via a table function. All this works fine; however, there is one caveat that does not. The query SQL is passed to a jobs table and executed by a scheduled job. So the job session can not see the user session data.
Is there a way to:
1) Share Session data?
2) define a table as containing Session temporary data, but public scope?
3) Group Sessions or grant session privileges (to share scope)?
4) Run a process/job under a different Session ID, or with specific Session privileges?
5) Call a procedure or function from one session, but have it Execute under a different session?
As it stands, I can either copy the data out to a permanent table (and manually implement Session ID, and Session level cleanup), change the current API and underlying global temporary table to a permanent table (and again manually implement Session ID, and Session level cleanup), or before job scheduling parse the SQL, and expand the function table data into the SQL statically.
None of these are solutions I like. I am looking for something more elegant. Any suggestions would be appreciated.
*EDIT: sorry, I forgot to add; I'm using Oracle 10g.
Thank you for your time.
Edited by: user10921261 on Mar 20, 2009 11:57 AM

Aequitas wrote:
I have session level data abstracted by a package API and accessed query-inline via a table function. All this works fine; however, there is one caveat that does not. The query SQL is passed to a jobs table and executed by a scheduled job. So the job session can not see the user session data.Correct. As a job is a brand new session that is created to execute the supplied PL/SQL code. This process does not create the session by inheriting the environment (name space details, temp tables, transactions) of the session that submitted the job.
Imagine the complexities of this when the session that created the job, terminated 24 hours ago.... would it session state (if kept persistent) still apply? And what about the complexities dealing with the overheads to somehow and somewhere store this session data for the job to re-use.
Nope.. this is not a workable solution (and nor a sensible one), so Oracle does not support it. When a job is executed, a brand new session is created for that job. (not entirely correct at a technical level as the job queue process may already exist and already have a session - but conceptually, think of a brand new session for a job).
Is there a way to:
1) Share Session data?What session data specifically? And what about a session that long since ceased to exist? What about session data that is dynamic and changing? Should then job see the version of that data at the time it was submiited? At the time is started execution? Or the data as it is currently within that session?
2) define a table as containing Session temporary data, but public scope?Does not need to have a "public scope". It can be managed via an API (PL/SQL), using the job number as unique reference number. It is even possible to create low level access control on such a table that only the job and no-one else can even see the data in that table, except for the job.
3) Group Sessions or grant session privileges (to share scope)?Nope.
4) Run a process/job under a different Session ID, or with specific Session privileges?Which session privileges? Remember that each session has two basic memory areas - the PGA (Process Global Area) and UGA (User Global Area). Both are private and non-sharable.
5) Call a procedure or function from one session, but have it Execute under a different session?Nope.
As it stands, I can either copy the data out to a permanent table (and manually implement Session ID, and Session level cleanup), change the current API and underlying global temporary table to a permanent table (and again manually implement Session ID, and Session level cleanup), or before job scheduling parse the SQL, and expand the function table data into the SQL statically.Still not sure what you imply with session data.
In my case I have a process API (running on top of DBMS_JOB ) that developers use to schedule jobs (it manages external processes, mostly used for collecting data from other non-db servers). In some cases, the caller is a Virtual Private Database (VPDB) session - with a name space that contains the keys and tokens and what not that is required for access control and security. The name space cannot be copied across to the job.
So as part of the process API that creates the job, a logon/authentication/authorisation call is added. With the calling session username. This is the same call that would have been made when the user session was created at logon time. And this call creates the name space that contains the keys and tokens required. Thus creating that batch (job) session in the background, uses the same initialisation processing that an interactive session (created from the app server) would use. The code running in that job is oblivious to the fact that the session was not created via an interactive logon from the app server.
None of these are solutions I like. I am looking for something more elegant. Any suggestions would be appreciated.If you truly want an IPC mechanism between two sessions in Oracle, two methods come to mind. Database pipes. Advance Queuing.
This is not really that complex to implement. IPC itself is not difficult. The difficult part is designing the code around cross-session communication and have that work effectively and efficiently. And within the database session context, this can be not only quite difficult to do, but also not always the very sensible thing to do.

Servlet Session data being shared

I have a bunch of servlets tha basically generate reports. The problem I'm having is that when two users run the same servlet at about the same time, one of the reports will be over written by the data of the other report. It almost seems that the users are sharing the same context.
Is there any way to fix this or do you have ny suggestions, tips as to how to prevent this.
Thnaks in advance for any help you may provide.

I ran into a similar problem not to long ago with sessions. I had an instance or global reference to the session object in my servlet. When two or more people used the servlet at just the right time I would get problems where data was getting used across sessions. For example:
public class FooServlet extends HttpServlet
     HttpSession session;
     doGet(HttpServletRequest req, HttpServletResponse res)
          session = req.getSession(false);
          doStuffWithSessionData();
     doStuffWithSessionData()
          String temp = session.getValue("temp");
          //do some stuff
}So, person A would connect to the servlet, and their session would be retreived, and the instance reference would get set to their session. Person B would connect at about the same time, their session would get retreived and the instance reference would get set to theirs... right before the getValue("temp") on person A's session is called. So, whatever I was doing for person A would end up using the data out of person B's session. I like to call this a race condition.
It is important to keep in mind that servlets are accessed by multiple threads concurrently, so you need to make sure your servlets are thread safe. Instance variables that get modified with each request are a very bad, non-thread safe thing and will cause odd behaviour like what you are describing. I speak from experience.
I fixed the above by removing the instance reference and doing the following:
public class FooServlet extends HttpServlet
     doGet(HttpServletRequest req, HttpServletResponse res)
               doStuffWithSessionData(req);
     doStuffWithSessionData(HttpServletRequest req)
          HttpSession session = req.getSession(false);
          String temp = session.getValue("temp");
          //do some stuff
          //NOTE: this works most of the time. However, if the client
          //connects with more than one browser window using the same
          //session, I could run into some trouble here too.
}That was a quick fix. However, what I really need to do is create a separate class to encapsulate all user session data and access the session and all data through public static synchronized methods on that class, passing it the request object when I do it. That way all data is stored in one object, and that object is used to do all session access in a thread-safe, synchronized manner.
I hope this information helps you and is understandable. If you have any questions I will try to clarify. Making things thread-safe can be a daunting task.

How to store jsp session data of different user in util.hashmap

how to store jsp session data of different user in java.util.hashmap
and access the data of all user on the server side
The same example is given in professional jsp but its not working.
I can use getIds() of httpsessioncontext but it's depricated

Hi
I'm trying to make an example.
With the following codes you can get the date from the session.
request.getSession().getAttribute("sessionname")
To store it in a hashmap you could do it like this ->
Hashmap hm = new Hashmap();
hm.put(Object key, request.getSession().getAttribute("sessionname"));
I hope you understand it if not just write it!
Cyrill

Is a Servlet-Filter which serializes requests in the same user session ok?

The Servelt specification states that the Web-Application is itself responsible for synchronizing access to HttpSessions. It is from the serversite not possible to prevent multiple threads to access the same HttpSession (i.e. the user could always open a second window, retransmit a form etc). My assumption is that while this does not happen often it can happen and therefore I think each access to the HttpSession must be synchronized. For a further discussion see http://forum.java.sun.com/thread.jsp?forum=4&thread=169872 .
Concurrent programming is generally complicated and errorprone. At least in developing JSPs it is inconvenient and easy to forget. My Web-App uses often HttpSession and it can be used in different not predefined places, so I had the idea to implement a ServletFilter which serializes threads which happen in the same session. This involves certainly some overhead. However for the advantages of easier code maintains and higher consistency I am ready to pay this overhead.
My question is generally what you think of this approach and second whether the way I implemented the Filter works.
The Filter actually generates for each Request an HttpServletRequestWrapper which intercepts calls to getSession and on call aquires a Lock so that other threads have to wait for the same Session. The lock is released when the doFilter method of the Filter returns. So threads run concurrently until the first access to the Session and from there they are serialized until the end of the Request.
For the details I will give the code for the Filter and the Wrapper (that?s all the code needed except the ReentrantLock which is Doug Lea?s implementation http://gee.cs.oswego.edu/dl/classes/EDU/oswego/cs/dl/util/concurrent/intro.html )
the Filter
public class SessionThreadFilter implements Filter
public static final String MUTEXT_IN_SESSION_KEY = "org.jaul.filter.SessionThreadFilter.MUTEX";
//constructor, init, destroy methods do nothing
public void doFilter(ServletRequest reqIn,ServletResponse res,FilterChain filterChain)
    throws IOException, ServletException
    //if req not instanceof of HttpRequest don't do anything
    if (!(reqIn instanceof HttpServletRequest))
      filterChain.doFilter(reqIn, res);
    } else
      HttpServletRequest req = (HttpServletRequest) reqIn;
      //We use a HttpRequestWrapper each time a user accesses
      //through this
      //Wrapper a Session is Lock is aquired. The filter method returns
      //the lock if it exists is released
      //each thread needs it's own wrapper so the wrapper itself
      //doesn't have to be synchronized
      SessionThreadRequestWrapper wrapper = new SessionThreadRequestWrapper(req);
      try{
        filterChain.doFilter(wrapper, res);
      }finally{
        ReentrantLock lock = wrapper.getLock();
        if (lock != null && lock.holds() != 0)
                   lock.release(lock.holds());
the Wrapper
final public class SessionThreadRequestWrapper extends HttpServletRequestWrapper {
private ReentrantLock lock = null;
   * Constructor for SessionThreadRequestWrapper.
   * @param arg0
public SessionThreadRequestWrapper(HttpServletRequest req){
    super(req);
   * @see javax.servlet.http.HttpServletRequest#getSession()
public HttpSession getSession(){
    return getSession(true);
   * @see javax.servlet.http.HttpServletRequest#getSession(boolean)
public HttpSession getSession(boolean construct){
    //this will get the session an the lock
    HttpSession session = getLockFromSession(construct);
    if (session == null) return null;
    //get a lock on the mutex
    try{
      lock.acquire();
    } catch (InterruptedException e){
      throw new IllegalStateException("Interrupted while thread waiting for session");
    //now we check again if the session is still valid
    try{
      session.getAttribute(SessionThreadFilter.MUTEXT_IN_SESSION_KEY);
    } catch (IllegalStateException e){
      //again we go recusively but first release the lock
      lock.release();
      lock = null;
      return getSession(construct);
    //after you got the lock you can return the session
    return session;
   * gets the lock from the session
   * @param construct
   * @return HttpSession
private HttpSession getLockFromSession(boolean construct){
    //test if it is a new Session
    HttpSession session = super.getSession(construct);
    //if is null no session was realy requested
    if (session == null) return null;
    //otherwise try to get the lock if necessery construct it
    //syncrhonized over session
    synchronized (session){
      //this migth throw an Exception if the session has been
      //invalidated in the mean time
      try{
        lock = (ReentrantLock) session.getAttribute(SessionThreadFilter.MUTEXT_IN_SESSION_KEY);
        if (lock == null){
          lock = new ReentrantLock();
          session.setAttribute (SessionThreadFilter.MUTEXT_IN_SESSION_KEY, lock);
        return session;
      } catch (IllegalStateException e){
        //the session has been invalidated before we tried to get the
        //lock we recursively call getLockFromSession
        //( assumption checked with Jetty: if the session is invalidated
        //and getSession is called on the thread a new valid session
        // should is returend)
        //I hope sometime you should get a valid session but I am not
        //sure. This is crucial for breaking of the recursion
        lock = null;
        return this.getLockFromSession(construct);
/** used by the Filter to get the lock so that it can release it
ReentrantLock getLock(){
     return this.lock;
}As stated I would be very thankful if you could check the code and give some commends.

synchronized (session){Are you sure that the session instance returned by two
concurrent calls to getSession(...) are the same? I
think that tomcat for instance may return different
instances for the same "logical " session, which would
break your scheme I think... Thank you (I did not know that on Tomcat). The same thing could also occur if another filter wrapped the Session.
That's indeed a problem,which I have already adressed in another thread, but did not get an answer. ( http://forum.java.sun.com/thread.jsp?forum=33&thread=412380). The already cited thread http://forum.java.sun.com/thread.jsp?forum=4&thread=169872 adresses the same problem, but the discussion there ends with the recomandation that you should synchronize on HttpSession as I did it. Also in other forums I've read so.
However like you I've at least strong doubts in this approach, so now my question is on what should I than generally for any access in any web-app syncrhonize the access to Http-Session as demanded by the Servlet specs.
A few not realy satisfying answers:
Synchronize on the HttpSession itself: I think still the best approach, but as you say is it guaranteed that the same instance of an HttpSession is given to each Request (in one Session)?
Synchronized on the HttpServlet: This only works if no other servlet (or jsp) accesses in the session the value with the same key ( of course only if the session itself is threadsave). In case of ThingleThread it is not possible at all there can be multiple instances (you could use a static variable)
Holding the object to synchronize on in applicaton scope or session scope: This obiously doesn't help, because somehow you have to obtain the lock and at least there you need another synchronize.Holding in application socpe is slow a static variable lock would be better there.
Synchronize on some static variable: This will work, but is very slow (each request not only in the same session would synchronize on this).
Hold a map in application scope, which holds for each Session-key a lock: Is probably faster than the static variable thing. However the access and the management of the Map (removing of unused locks etc.- Mabe you could use a WeakHashMap to collect the locks for not used keys anymore) is time consuming too and again the map must be accessed syncrhonasly by all requests.
Syncrhonize on the Filter (only in my case): This is as slow as the static variable approach because each request will use the same lock the one instance of the Filter.
So synchronizing on the session is propably the best approach if the same attribute name is accesed by different servlets. However if you say that some Web-Containers return different HttpSession instances for the same Session (which is legal according to the specification) this of course does not work.
So I have realy no clue on what to syncrhonize than. Now help is not only neede on my Thread serialization filter but on my generally Servlet prgromming.
May be you could help me for another synchronization aproach.

Sharing data between two separate user sessions

Hi all!
I have been trawling my brain for a solution to this - any help will be appreciated!
I would like to create a single instance of a class but share that instance over more than one user session (two separate users but both running concurrently).
Just as you can pass data between sessions using ABAP memory - I would like to pass data (specifically an object reference) between two separate users that could even be logged in to two separate application servers...
Even a mini Client/server solution would suffice but I cannot figure one out!
Is this possible?
Many thanks for your thoughts in advance...
N

Hello N K,
sorry thats not possible. Sharing a data item / object instance requires at least a common physical memory. As this is not guaranteed between different app. server this is technical not possible.
With release 640 ABAP offers the new feature Shared Objects. These mechanism allows access by different users and some propagation to differnt servers.There is an interesting article on the ABAP SDN homepage
https://www.sdn.sap.com/sdn/developerareas/abap.sdn
For relases below more or less the database is the only chance to store data accross application servers (known to me). One exception might be the ENQUEUES which might (mis)used to store some Flags.
Kind Regards
Klaus
Link to Shared Objects PDF
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/shared objects in abap

How to replicate session data at the user level?

Hi all,
my client has users who use laptop/tablet computers in the field with wireless connections. The application requires the users to complete long multi-page forms where the data is only submitted to the EIS layer at the end of the process. The connections regularly drop out which understandably is a cause of some grief. In addition, the users want to be able to switch to another machine in order to complete their session.
The 'switching machine' requirement kills the idea of using persistent cookies and session replication unfortunately. So I am faced with the idea of storing the session data (keyed by user id), in serialized form, either on a stand-alone disk which is accessible by each webserver in the cluster or is the database. The problem with the database idea is the performance hit of traversing the EJB and JDBC layers.
Can anyone suggest the best practice in this case? Or point to an article or tool that covers the problem?
BTW, the app serves a small (<50) and stable base of authenticated users so scalability is not really an issue whereas failover is.
Regards,
Dave.

> Is it possible to close a PO at the header level
Po can be closed at Item level and not Header level. You can set Deletion Indicator and further can be archived thru SARA MM_EKKO
or a way to deactivate the PO so that no new items can be added?
You can activate Release strategy and Choose a Proper Release indicatory so that no new changes to be carried out.
Else go for User Exits

Error in Accessing User Mapping Data

Hi,
When i tried User Mapping by going to
"UserAdministration -> UserMapping" , or
"Personalize" -> "User Mapping"
it gives the error msg ,
Problem in accessing user mapping data for selected system.
Due to this i am not able to create appointments or see the availability status of a user.
Also, for your information i have Strong Encryption files installed.
Pls help.
Thanks in advance..

Hi venkat,
You need to change the default value in UME configuration
System admin -> System Config -> UM Configuration -> Direct Editing
ume.usermapping.unsecure=TRUE
Regards
PS: Please consider rewarding point

What Are The Minimum Permissions In Order An User To Be Able To Access User Profile Data With JavaScript And REST API

The question says it all:
What Are The Minimum Permissions In Order An User To Be Able To Access User Profile Data With JavaScript And REST API.?
In the User Profile -> Permissions there is only the option for "Full Control".

Hi Nikolay,
Thanks for posting your issue, you need to set permissions on User Profiles = Read. Kindly find the below mentioned URLs to get the code and more details on this.
http://www.vrdmn.com/2013/02/sharepoint-2013-working-with-user.html
http://www.vrdmn.com/2013/07/sharepoint-2013-get-userprofile.html
http://sharepoint.stackexchange.com/questions/61714/sharepoint-2013-call-the-rest-api-from-sharepoint-hosted-app
http://www.dotnetmafia.com/blogs/dotnettipoftheday/archive/2013/04/09/how-to-query-sharepoint-2013-using-rest-and-javascript.aspx
I hope this is helpful to you, mark it as Helpful.
If this works, Please mark it as Answered.
Regards,
Dharmendra Singh (MCPD-EA | MCTS)
Blog : http://sharepoint-community.net/profile/DharmendraSingh

Access to Users Session data in a Filter

Similar Messages

Maybe you are looking for