
Retrieve authenticated user attributes from Active Directory using principal obj from request

 
Arpit Garg
Greenhorn
Posts: 1
Hi All,
I want to retrieve the authenticated user's attributes from Active Directory. I am doing authentication through the j_security_check feature provided in Tomcat. The Realm I am using is JNDIRealm. After successful authentication on the login page, the user's request is forwarded to my servlet (for example "LoginServlet"). In this servlet I need to fetch the other attributes of the authenticated user (for example first name, last name, telephone, email address). The challenge is that I am restricted to fetching only limited information about the authenticated user: roles etc. I am unable to fetch even the first name and last name of the authenticated user (by specifying the username as input) from Active Directory.

I am using the GenericPrincipal.java class provided by Apache. This is part of the code written in my LoginServlet.

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        Principal userPrincipal = request.getUserPrincipal();
        String[] roles;
        try {
            // getRoles() is not part of java.security.Principal, so it is called reflectively
            roles = (String[]) userPrincipal.getClass().getMethod("getRoles").invoke(userPrincipal);
        } catch (ReflectiveOperationException e) {
            throw new ServletException("Principal does not expose getRoles()", e);
        }
        String userName = userPrincipal.getName();
        GenericPrincipal genericPrincipal = (GenericPrincipal) userPrincipal;
        // WHAT ARE THE NEXT STEPS TO FETCH OTHER ATTRIBUTES.
    }

If anybody knows please help me out.
Thanks
Arpit
 
Wal Samaad
Greenhorn
Posts: 17
Hi, I would also love to pull user attributes directly from Active Directory; of course I don't know and I am not bothered. Have you tried using Sun Directory Services to synchronise directory data from Active Directory, then using the JNDI API to get all you want except the userPassword attribute, which I am also having problems with and asking for help? Cheers.
 
Tim Holloway
Saloon Keeper
Posts: 18025
As part of the realm-independent architecture of the J2EE container security system, the only real identifying information you can get about an authenticated user is the UserName string and User Principal objects. Because you can do things like test an app using a tomcat-users.xml file (MemoryRealm) but deploy on AD, and even switch to JDBC without recoding, there's no API to pull AD stuff in the security subsystem.

On the other hand, if you know the user ID, you usually have what you need to do a JNDI/LDAP search of the AD server directly. A side benefit of this (in exchange for having to configure and code for LDAP) is that even a non-AD-authenticated webapp can still retrieve user info from AD.
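
The direct JNDI/LDAP search suggested in the reply above, as an added example (not code from this thread or from Tomcat), with the login name passed as a filter argument so that JNDI escapes LDAP filter metacharacters. The host, bind DN, base DN, the AD_BIND_PASSWORD variable and the mapping of the login name to sAMAccountName are assumptions to replace with your own directory's values.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class AdUserLookup {
    // Request only the attributes the servlet needs.
    private static final String[] WANTED = {"givenName", "sn", "telephoneNumber", "mail"};

    static DirContext connect(String url, String bindDn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // ldaps:// so the simple bind is not sent in clear text
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    static Map<String, String> lookup(DirContext ctx, String baseDn, String userName) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(WANTED);
        // userName goes in as a filter argument: JNDI escapes * ( ) \ rather than parsing them.
        NamingEnumeration<SearchResult> hits = ctx.search(baseDn,
                "(&(objectClass=user)(sAMAccountName={0}))", new Object[] {userName}, sc);
        Map<String, String> found = new LinkedHashMap<>();
        try {
            if (hits.hasMore()) {
                Attributes attrs = hits.next().getAttributes();
                for (String name : WANTED) {
                    Attribute a = attrs.get(name);
                    if (a != null) found.put(name, String.valueOf(a.get()));
                }
            }
        } finally {
            hits.close();
        }
        return found;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed placeholders: host, DNs and the environment variable name are assumptions.
        String password = Objects.requireNonNull(System.getenv("AD_BIND_PASSWORD"), "AD_BIND_PASSWORD");
        DirContext ctx = connect("ldaps://ad.example.com:636",
                "CN=svc-webapp,OU=Service Accounts,DC=example,DC=com", password);
        System.out.println(lookup(ctx, "OU=Users,DC=example,DC=com", args[0]));
        ctx.close();
    }
}
```

In the servlet, the value to pass as userName is request.getUserPrincipal().getName(); the bind account only needs read access to the four listed attributes.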