aspose file tools*
The moose likes Servlets and the fly likes Retrive authenticated user attributes from Active Directory using principle obj from request Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Retrive authenticated user attributes from Active Directory using principle obj from request" Watch "Retrive authenticated user attributes from Active Directory using principle obj from request" New topic
Author

Retrive authenticated user attributes from Active Directory using principle obj from request

Arpit Garg
Greenhorn

Joined: Jan 20, 2010
Posts: 1
Hi All,
I want to retrieve the authenticated user attributes from Active directory. I am doing authentication through the j_security_check feature provided in tomcat. The Realm I am using is JNDIRealm. After doing successful authentication on login page the user request forwarded to my servlet(for example "LoginServlet"). In this servlet I required to fetch the other authenticated user attributes(example first name, last name, telephone, email address). Now the challenge comes here that I am restricted to fetch only limited information about the authenticated user; roles etc. But I am unable to fetch the first name, last name also of the authenticated user(by specifying the username as input) from active directory.

I am taking the help of GenericPrinciple.java class provided by the apache. Part of the code written in my LoginServlet.

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
Principal userPrincipal = request.getUserPrincipal();
String roles[] = (String[])(userPrincipal.getClass().getMethod("getRoles", null).invoke(userPrincipal, null));
String userName = request.getUserPrincipal().getName();
GenericPrincipal genericPrincipal = (GenericPrincipal)userPrincipal;
// WHAT ARE THE NEXT STEPS TO FETCH OTHER ATTRIBUTES.
}

If anybody knows please help me out.
Thanks
Arpit
Wal Samaad
Greenhorn

Joined: Jan 20, 2010
Posts: 17
Hi, i would also love to pull user attributes directly from Active Directory, of course i dont know and i am not bothered. Have you tried use Sun Directory services to synchronise directory data from Active Directory, then use the JNDI API to get all you want except the userPassword attribute, which i am also having problems with and asking for help. cheers.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16070
    
  21

As part of the realm-independent architecture of the J2Ee container security system, the only real identifying information you can get about an authenticated user is the UserName string and User Principal objects. Because you can do things like test an app using a tomcat-users.xml file (MemoryRealm) but deploy on AD, and even switch to JDBC without recoding, there's no API to pull AD stuff in the security subsystem.

On the other hand, if you know the user ID, you usually have what you need to to a JNDI/LDAP search of the AD server directly. A side benefit of this (in exchange for having to configure and code for LDAP) is that even a non-AD-authenticated webapp can still retrieve user info from AD.


Customer surveys are for companies who didn't pay proper attention to begin with.
 
 
subject: Retrive authenticated user attributes from Active Directory using principle obj from request