How to check whether the user has a certificate or not?

Hi everyone.
We're currently finishing a web project and the last step is to check whether users accessing the application have a valid certificate or not.
Users with a valid certificate can access all the data. Users without any certificate installed on their browsers may still proceed, but they won't be able to see all data. Please note that the lack of a certificate doesn't mean an error - it's just another use case.
Is there any way to check whether users have a certificate installed on their browsers?
Thanks in advance.
Edit: sorry, I forgot to post some tech details. We're using Struts 1.2 on a Tomcat 5 app server.
Message was edited by:
advaca

I am not sure how Tomcat handles this, but you need to use two-way (mutual authentication) request but not enforce SSL between Tomcat and the client browser. This will make the browser prompt the user for the cert they want to send. Then you'll need to tackle the other part of your problem, getting the correct content displayed depending on whether the user sent a cert or not. I'm even less help there than I was on the first part of your question.
So, yeah - good luck with that
Lee

Similar Messages

  • How to check if the user has only the display authority of a message

    hi,
    How to check if the user has only the display authority of a message but does not have the change authority for a certain message?
    Best regards,

    hi blake
    though i am an application consultant and for authorisation u need to have help of BASIS person if u r not the one but still i can guide u regarding the same,
    Basically Authorization Management 
    Use
    You can use the following authorization objects to control the authorizations for maintaining business partner data:
    •        Authorization objects for the Business Partner:
    •             B_BUPA_GRP
    •             B_BUPA_ATT
    •             B_BUPA_FDG
    •             B_BUPA_RLT•       
    Authorization objects for relationships:
    •             B_BUPR_BZT
    •             B_BUPR_FDG
    In addition, you can assign an authorization group to a business partner in the dialog. The authorization group controls which users may maintain data for this business partner.
    You can also define authorizations for fields and field groups using the Business Data Toolset (BDT). Depending on the settings you have made, the system carries out the relevant authorization checks.
    In the dialog in the SAP GUI, you can display an overview of the authorizations assigned to you by pressing the button Settings.
    For more information on authorization management, see the Implementation Guide (IMG) of the Business Partner, as well as in the Developer’s Handbook for the BDT under  Authorizations.
    IntegrationAuthorization management for the Business Partner forms part of the  SAP authorization concept.
    Prerequisites
    You have made the necessary settings in Customizing of the Business Partner under Basic Settings--> -Address Management.
    Moving over
    AS ABAP Authorization Concept 
    The ABAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.
    To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.
    Authorization Checks 
    To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
    The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
    •        Starting SAP transactions (authorization object S_TCODE)
    •        Starting reports (authorization object S_PROGRAM)
    •        Calling RFC function modules (authorization object S_RFC)
    •        Table maintenance with generic tools (S_TABU_DIS)
    Checking at Program Level with AUTHORITY-CHECK
    Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
    AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
    Starting SAP Transactions
    When a user starts a transaction, the system performs the following checks:
    •        The system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.
    •        The system then checks whether the user has authorization to start the transaction.
    The SAP system performs the authorization checks every time a user starts a transaction from the menu or by entering a command. Indirectly called transactions are not included in this authorization check. For more complex transactions, which call other transactions, there are additional authorization checks.
    •             The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization with a value for the selected transaction code.
    •             If an additional authorization is entered using transaction SE93 for the transaction to be started, the user also requires the suitable defined authorization object (TSTA, table TSTCA).
    If you create a transaction in transaction SE93, you can assign an additional authorization to this transaction. This is useful, if you want to be able to protect a transaction with a separate authorization. If this is not the case, you should consider using other methods to protect the transaction (such as AUTHORITY-CHECK at program level).
    •        The system checks whether the transaction code is assigned an authorization object. If so, a check is made that the user has authorization for this authorization object.
    The check is not performed in the following cases:
    You have deactivated the check of the authorization objects for the transaction (with transaction SU24) using check indicators, that is, you have removed an authorization object entered using transaction SE93. You cannot deactivate the check for objects from the SAP NetWeaver and HR areas.
    This can be useful, as a large number of authorization objects are often checked when transactions are executed, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorization than they strictly need. It also leads to an increased maintenance workload. You can therefore deactivate authorization checks of this type in a targeted manner using transaction SU24.
    •             You have globally deactivated authorization objects for all transactions with transaction SU24 or transaction SU25.
    •             So that the entries that you have made with transactions SU24 and SU25 become effective, you must set the profile parameter AUTH/NO_CHECK_IN_SOME_CASES to “Y” (using transaction RZ10).
    All of the above checks must be successful so that the user can start the transaction. Otherwise, the transaction is not called and the system displays an appropriate message.
    Starting Report Classes
    You can perform additional authorization checks by assigning reports to authorization classes (using report RSCSAUTH). You can, for example, assign all PA* reports to an authorization class for PA (such as PAxxx). If a user wants to start a PA report, he or she requires the appropriate authorization to execute reports in this class.
    We do not deliver any predefined report classes. You must decide yourself which reports you want to protect in this way. You can also enter the authorization classes for reports with the maintenance functions for report trees. This method provides a hierarchical approach for assigning authorizations for reports. You can, for example, assign an authorization class to a report node, meaning that all reports at this node automatically belong to this class. This means that you have a more transparent overview of the authorization classes to which the various reports are transported.
    You must consider the following:
    •     •         After you have assigned reports to authorization classes or have changed assignments, you may have to adjust objects in your authorization concept (such as roles (activity groups), profiles, or user master records).
    •     •         There are certain system reports that you cannot assign to any authorization class. These include:
    •     •         RSRZLLG0
    •     •         STARTMEN (as of SAP R/3 4.0)
    •     •         Reports that are called using SUBMIT in a customer exit at logon (such as SUSR0001, ZXUSRU01).
    •     •         Authorization assignments for reports are overwritten during an upgrade. After an upgrade, you must therefore restore your customer-specific report authorizations.
    Calling RFC Function Modules
    When RFC function modules are called by an RFC client program or another system, an authorization check is performed for the authorization object S_RFC in the called system. This check uses the name of the function group to which the function module belongs. You can deactivate this check with parameter auth/rfc_authority_check.
    Checking Assignment of Authorization Groups to Tables
    You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
    You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
    please See also:
    •        SAP Notes 7642, 20534, 23342, 33154, and 67766
    guess this info will help you,there is one graphic which actually explain the hierarchy of authorisation,i will find some time out to let u know more info about the authorisation
    but if u sit with ur BASIS guy then u can learn lot of things in PFCG
    i guess u r a basis guy,then its not a problem
    best regards
    ashish

  • How to check whether a user has permission to create term in Taxonomy Term Store using CSOM ?

    I want to check programmatically whether the current user is a Term Store Administrator or not.

    I am not sure how Tomcat handles this, but you need to use two-way (mutual authentication) request but not enforce SSL between Tomcat and the client browser. This will make the browser prompt the user for the cert they want to send. Then you'll need to tackle the other part of your problem, getting the correct content displayed depending on whether the user sent a cert or not. I'm even less help there than I was on the first part of your question.
    So, yeah - good luck with that
    Lee

  • How to check if the user has log in when he log in again?

    Hi all,
    I was wondering how to track if the user has already log in?
    When this user using browser A to log in then he try to log in using a new browser, then hw I am I going to know that, and terminate his session?

    Hello!
    You can try this code if you want that if a user is login at a machine and tries to login from the other, then he can continue his processing at second machine ('cos it will get the high priority) but can not process from the first machine. This code allows to login but only second one will be active.
    <jsp:useBean id="monitor1" scope="application" class="java.util.HashMap"/>
    if(monitor1.containsKey(num)){
    HttpSession oldSession = (HttpSession) monitor1.get(num);
    oldSession.invalidate();
    monitor1.remove(num);
    monitor1.put(num , session);
    But if you want to restrict it at the time of second login then u can use any of the techniques discussed above.
    aNTUMNIHA

  • How to check whether a user session is null or not

    Hi
    I am using Jdeveloper 11.1.2.2
    I have a use case of running some Junit test case, this is the problem I have :
    There are some Junit tests which are written for some VO's. While testing insert and update operation in Junit there is two mandatory columns Created by and Updated by to be entered for committing into the database.
    These values are taken from the UserName of the current UserSession .
    So for getting the these values for each user I thought of displaying a JPanel before the test is run, where the user enters the Username and password which is validated and the user is verified.
    First, I need to check whether there is a session present or not. For checking this, I wrote a createUserSession() and did like this inside it :
    if(fixture.getApplicationModule().getSession().getUserData().isEmpty())If so to show the Jpanel and get the user details and verify the user.
    But while running the test itself I found that the session is already present, now I just have to input the values based on who is the user.
    But Junit doesn't run the tests in the order in which the test are written. So I have to call this in all the test cases.
    The Question is :
    How can I check whether the session is already present or not, so that I don't have to ask the user every time while every test is running to enter the Username and Password ?
    Thanks,
    Nigel.
    Edited by: Nigel Thomas on Jul 30, 2012 10:26 AM

    Hi,
    wondering why don't you create test users and then automatically log them in as Jan Vervecken did on the threads I pointed you to. This way your test cases run without user interaction. To test if a session exists for a user, I would put a custom property into user data. If this property exists, the user session is an existing one. However, make sure the information you save into the user data survives passivation as otherwise the information you get out of this is not accurate. See: http://tompeez.wordpress.com/2011/07/08/jdev-always-test-your-app-with-applicationmodule-pooling-turned-off/
    Frank

  • How to check whether the Application Server directory exits or not

    Hi,
    I have a selection screen in which I give the Application server file name(UNIX file) as input. Here, I would like to check whether the Server directory exists or not.
    Let us say, the path I gave in the selection screen is /usr/sap/tmp/testfile.txt . Here, the file name is testfile.txt and the server directory is /usr/sap/tmp . I would like to check whether this directory /usr/sap/tmp exists in the server or not. I am not bothered about the file name as I am going to write data into the file. I am mainly concerned about whether the directory exists in the server or not. and one more thing... this is the Application Server path not the Local path.
    Can anyone help me on the same how to check whether the server directory exists or not.
    Thanks in advance.
    Best Regards,
    Pradeep.

    Also you can use the FM EPS_GET_DIRECTORY_LISTING for this purpose.
      Store the directory name
        l_dpath = p_file+0(l_no).
      Validate the directory of the application server
        CALL FUNCTION 'EPS_GET_DIRECTORY_LISTING'
          EXPORTING
            dir_name               = l_dpath
          TABLES
            dir_list               = l_i_dlist
          EXCEPTIONS
            invalid_eps_subdir     = 1
            sapgparam_failed       = 2
            build_directory_failed = 3
            no_authorization       = 4
            read_directory_failed  = 5
            too_many_read_errors   = 6
            empty_directory_list   = 7
            OTHERS                 = 8.
      If any problem occurs with the directory then display proper
      error message
        IF sy-subrc <> 0.
        Display error message
          MESSAGE e018 WITH 'Problem with directory entered'(008).
        ENDIF. " sy-subrc <> 0
    Regards,
    Joy.

  • How to check whether the system has eclipse environment: urgent

    Hi gurus
    can you please tell me how to check whether my crm system has eclipse envirionment.
    Thanks
    shashi

    There is no way to check whether a system is used productively or not, I believe what you mean is checking a client is productive or not in an ABAP-stack based system. Remember although a SAP ABAP system is identified by a SID but from a business perspective the system is recognized by a client, as it is a unique business identity.
    Thus, to check whether the client is productive or not in txn SCC4 check the role of the client, it will show you the correct status. The data of SCC4 is stored in table T000, you can also opt to check that.
    - Regards, Dibya

  • Check whether the user has clicked yes or no from air installer

    Hi,
        I am instaling the Adobe air from my application. I want to know whether the user clicked on yes button or no button in the air installer.
    Regards,
    Jayagopal.

    Hi,
    Checking user existence from the Site Groups may result in permission issue.  As every user might not have permission to the site groups.  I have tested this scenario.
    In my opinion, best to use the User groups collection to check whether user belongs to specific group or not.
    Here is the sample code.
    SPUser currentUser = SPContext.Current.Web.CurrentUser;
    SPGroupCollection currentUserGroups = currentUser.Groups;
    foreach(SPGroup currentUserGroup in currentUserGroups)
    if(currentUserGroup.Name == "xyz")
    // Do your operations
    Please don't forget to mark it answered, if your problem resolved or helpful.

  • How to check whether the report is being called or not

    Iam using srw.run_report.for calling another report. I have registered both the report in oracle apps11.0.3. When i run the master report in oracle apps I want to see whether the second report is called or not. How to check this.
    Thanks.

    try to check it in C:\Reports6i\Bin
    C:\Reports6i\Bin <-- this may varry depending on the location of your reports.
    btw, are you generating a pdf file?

  • How to check whether an invoice has been paid or not?

    Hi,
        In FI, how should I check whether an invoice is paid fully and also whether it has any residual item?
    And how should I pay an invoice with some residue? Which transaction I should use and what are the steps to do that?
    Since I'm new to FI, any guidance will help me a lot...
    Thanks,
    Priya.

    Hi Priya,
    you create a posting with residual items as follows:
    <b>Incoming payment</b>
    1. Start transaction F-28
    2. Enter all required information and click on <i>Process open items</i>
    3. On the next screen click on the tab <i>Res. items</i>
    4. Make sure that only the items that you want to pay are highlighted ((Net amount appears in blue)
    5. For each line item enter the residual amount that is still to be paid (Example: you have one invoice over 100 USD and 80 USD are paid, you enter 20 USD, since this is your residual that still needs to be paid)
    6. Save
    <b>Outgoing payment</b>
    1. Start transaction F-53
    2-6. is identical to incoming payment
    Regards,
    Claus

  • How to check whether the Workflow event is triggered or not ?

    Hello All,
        My scenario is like this :
    1. Go to MM02
    2. Change a material of any view other than the classification.
    3. Save it.
    4. Go to transaction SWEL and check there .
    5. An entry has been created in that across the object type Y01BUS1001.
    6. Now I can check in the Transaction CFG1 the Log details.
    7. This is correct.
    8. Now the same procedure is not working when I change the material for the classification View.
    9. Do i need to check something else ?
    10. When the classification data is changed for a material the Object type Y01BUS1003 has to be triggered.
    Can any one help me out ?
    Regards,
    Deepu.K

    Hi,
    If you are using the Event collector, you can check in from RSA1-> Tools-> Event collector. You cannot trace whether that event was raised from anywhere I think
    Regards

  • How to check whether the new records are inserted or not in SSIS

    Hi All,
    I have a SSIS package which insert data from Table A  to Table B . I need to insert only new records to Table B. If any record is not there it should insert the record if not ignore that record.
    I used Lookup Transformation but it doesn't works from me, which tab should i need to select? Like in General tab we have  ignore failure, Fail Component,Redirect rows to no match output, Redirect rows to error output?
    Please help me on this issue. 
    Thanks, Shyam Reddy.

    On what basis you're doing the lookup? Are you using correct column for the lookup? It should be based on common columns based on which tables are related (mostly primary key column)
    Can you also show the column tab to see how you've done the mapping  ?
    Please Mark This As Answer if it helps to solve the issue Visakh ---------------------------- http://visakhm.blogspot.com/ https://www.facebook.com/VmBlogs

  • What's the best way to check whether a user is logged in or not?

    I have a question about basic session handling.
    I'm running Tomcat 5.0.30 and have a web application where users can register with a username and password, and then log into a "member site".
    What is the best way of making sure that a user actually has logged in or not?
    What I've done in previous applications I've made is that I've just put a simple variable into the users session after he has successfully entered his password (i.e. Boolean loggedIn=true). Then I just test if this flag is true to grant him access to the member site. Is that a smart way of doing it?
    Are there any libraries I can use which handles sessions for me in a secure way?
    All comments and suggestions are appreciated!

    Maintain a flag using session attributes it to one when the user is logs in set it to value.... and change set it zero or invalidate that session... when the user is logged out...
    use something like this while user had logged in
    session.setAttribute("flag",<unique_number>);
    for checking whether the user had logged in or not...
    if(Integer.parseInt(session.getAttribute("flag").toString())=!<unique_number>){
    out.println("The session had expired");
    out.close();
    }

  • Where to check whether the user is Admin  or developer?

    how to check whether the user is Admin or developer????? after he sign's in......I want to use role based login!!!!

    Login into a workspace or login into an application?
    Denes Kubicek
    http://deneskubicek.blogspot.com/
    http://www.opal-consulting.de/training
    http://apex.oracle.com/pls/otn/f?p=31517:1
    -------------------------------------------------------------------

  • How to verify that the user has changed table row data before db update

    Hi all,
    Iam using Oracle ADF with EJBs.
    I have a single selection table that displays rows of data returned from a function of my data control.
    The columns of my table are editable so that the user can change the data. The user selects a row, changes the data in one or more columns of the row and saves the data by means of a submit button. The code in the submit button, identifies the row of the corresponding iterator that the user clicked on and updates the data in the database (using the 'mergeEntity' function of the EntityManager)
    Before saving the data, I want to put some logic to check whether the user has actually changed some data to avoid unnecessary updates in the database . But for this I need a technique to detect that the user has indeed changed some data in the table row.
    One technique I have been using so far was to isolate the iterator row of the table and then query the corresponding row in the database table and compare their values.
    Except from dummy, this technique is not efficient if the table contains many rows.
    Moreover, in my case I have observed that on successive updates on the same row , the query on the database returns the new values (user changed values) and not the actual values contained in the database table. This means that when the user updates an iterator row the cached data affect also the results of the SELECT statement from the actual database table!!! Isn't this strange ?
    Can somebody propose me a neat method to detect when the user has changed the the data of an iterator row ?

    Hey Alan,
    The below solution seems overly complicated to me and can not be implemented without a custom screen and/or the use of JavaScript. Also, if your main concern is that a user may accidentally loose all their data because they closed the browser window or the session times out before they hit the save button then this solution does not help you.
    There are a couple of simpler approaches you can take here:
    # If the use of JavaScript is permissible you can hook into the windows 'onUnload' event, and pop-up a message box which gives the user the opportunity to cancel closing the window and save their case if they haven't already.
    # Implement an autosave feature by hooking into one of events provided by web determinations. A simple (but rather naive) way of doing this would be to hook into the OnRenderScreenEvent and call save on the interview session every time the event fires. This guarantees that all the data the user has submitted will aways automatically be saved, thereby removing the need to make sure the user manually saves their data before closing the browser.
    Automatically making Web Determinations close a browser window has to be done using JavaScript. However, doing so means that a) it won't work for people who turn off JavaScript, which is commonly done for accessibility reasons b) you'll likely run afoul of the browser's security mechanism (they generally won't let you close a window that you didn't open and some really don't like you doing that at all).
    Thanks,
    Kristy

Maybe you are looking for