aspose file tools*
The moose likes Java in General and the fly likes Windows username? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Java in General
Bookmark "Windows username?" Watch "Windows username?" New topic
Author

Windows username?

Kerry Baer
Ranch Hand

Joined: Jun 23, 2010
Posts: 39
We have an internal website where we want to automatically grab the Windows Username within the application code so that we can automtically run their permissions against LDAP and provide them with appropriate screens for user access.

With all of the methods we have tried, we end up getting the Username that the web application is using when we deploy to the web server.

Can anyone tell me if there is a way to automatically get the Windows Username of the the client sending the request to the web server?
John Jai
Bartender

Joined: May 31, 2011
Posts: 1776
Send the client user name as a parameter in the request. You can get the client user name using below code
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61433
    
  67

John Jai wrote:Send the client user name as a parameter in the request. You can get the client user name using below code


No, that won't work. Any Java code is executing on the server and has no access to the environment of the client.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19720
    
  20

Turn on Windows authentication, then use request.getUserPrincipal().getName(). You may have to strip away the leading (DOMAIN\user) or trailing (user@DOMAIN). Note that without any authentication turned on, request.getUserPrincipal() returns null.

As for how to turn on Windows authentication, try Google first. It also depends on your web container.


SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6
How To Ask Questions How To Answer Questions
Kerry Baer
Ranch Hand

Joined: Jun 23, 2010
Posts: 39
Rob Spoor wrote:Turn on Windows authentication, then use request.getUserPrincipal().getName(). You may have to strip away the leading (DOMAIN\user) or trailing (user@DOMAIN). Note that without any authentication turned on, request.getUserPrincipal() returns null.

As for how to turn on Windows authentication, try Google first. It also depends on your web container.


We tried this method and it always returned null. Maybe we are not setting up Windows Authentication properly in Tomcat 6?

Also, if you set up Windows Authentication, does that mean that the user will have to enter their credentials when they try to access any website on the server? We don't want them to have to enter any credentials at all no matter the site. We want it all to be automatic behind the scenes.
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19720
    
  20

Kerry Baer wrote:
Rob Spoor wrote:Turn on Windows authentication, then use request.getUserPrincipal().getName(). You may have to strip away the leading (DOMAIN\user) or trailing (user@DOMAIN). Note that without any authentication turned on, request.getUserPrincipal() returns null.

As for how to turn on Windows authentication, try Google first. It also depends on your web container.


We tried this method and it always returned null. Maybe we are not setting up Windows Authentication properly in Tomcat 6?

That seems to be the case. I've set it up with JCIFS (actually deprecated, but it works) at work, and it's working fine here.

Also, if you set up Windows Authentication, does that mean that the user will have to enter their credentials when they try to access any website on the server? We don't want them to have to enter any credentials at all no matter the site. We want it all to be automatic behind the scenes.

Depends on the browser.

IE 6 to 9 automatically recognize the user.

Firefox asks for credentials by default. You can go to "about:config" and add your server to the value of the "network.automatic-ntlm-auth.trusted-uris" preference name and Firefox no longer asks; this works in Firefox 3.5 and higher, we haven't tried in older versions.

Google Chrome automatically recognizes the user.

Safari will ask for credentials by default. No idea if this can be turned off.

Opera will ask for the credentials each time you visit the site after restarting the browser.
John Jai
Bartender

Joined: May 31, 2011
Posts: 1776
Bear Bibeault wrote:No, that won't work. Any Java code is executing on the server and has no access to the environment of the client.

Yes Bear... I thought we can get the client's user name using the given line in the client's m/c and send it as an input parameter to the server...
Kerry Baer
Ranch Hand

Joined: Jun 23, 2010
Posts: 39
Rob Spoor wrote:That seems to be the case. I've set it up with JCIFS (actually deprecated, but it works) at work, and it's working fine here.....


Would you kindly supply code for configuring JCIFS for windows authentication and pulling the client username?

I've already got JCIFS included in my project. I use it for file access. I've also read the following:
http://jcifs.samba.org/src/docs/ntlmhttpauth.html
http://jcifs.samba.org/src/docs/httpclient.html

and done some other web searching and can only find examples for authenticating users when the client submits their username and password to the server.

Your assistance is greatly appreciated.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61433
    
  67

John Jai wrote:
Bear Bibeault wrote:No, that won't work. Any Java code is executing on the server and has no access to the environment of the client.

Yes Bear... I thought we can get the client's user name using the given line in the client's m/c and send it as an input parameter to the server...

Please use real words when posting. I have no idea what "m/c" is supposed to mean.

In any case, no, you can't.
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19720
    
  20

Kerry Baer wrote:
Rob Spoor wrote:That seems to be the case. I've set it up with JCIFS (actually deprecated, but it works) at work, and it's working fine here.....


Would you kindly supply code for configuring JCIFS for windows authentication and pulling the client username?

What works for us requires two things:
1) add a filter and filter mapping to the web.xml file of the web application:

2) Setup the right parameters for the JVM (from Tomcat's configuration tool):
You may want to play around a bit with the lmCompatibility flag; see http://technet.microsoft.com/en-us/library/cc960646.aspx for more info.
Kerry Baer
Ranch Hand

Joined: Jun 23, 2010
Posts: 39
I am having issues trying to use JCIFS. I keep getting a "jcifs.smb.SmbException: A domain was not specified" error message.

I have created an alternative solution to this issue. Since we are running this on a local network, we will install the java runtime on all of the client machines that need it. Then we will use a Single Sign-On applet that will grab the username from the local machine, shoot it off to a servlet on the appropriate web server for the appropriate web application, the servlet will store the username for use within the app and send a success or failure response back to the applet, then the applet will redirect the user to the appropriate application where they will be logged in automatically. We've got it working for the application we are currently working on.

Any more information and/or assistance you can provide is appreciated. As is the information already provided. Thank you.
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19720
    
  20

Kerry Baer wrote:I am having issues trying to use JCIFS. I keep getting a "jcifs.smb.SmbException: A domain was not specified" error message.

Well, how did you try to specify the domain? Did you include it in the Java runtime properties like my example? Or in the web.xml file?
Kerry Baer
Ranch Hand

Joined: Jun 23, 2010
Posts: 39
Rob Spoor wrote:Well, how did you try to specify the domain? Did you include it in the Java runtime properties like my example? Or in the web.xml file?


Yes.



I also tried:
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19720
    
  20

And you've also set the right domainController? You can ping that? It's running an active directory on port 389?
Kerry Baer
Ranch Hand

Joined: Jun 23, 2010
Posts: 39
Rob Spoor wrote:And you've also set the right domainController? You can ping that? It's running an active directory on port 389?


We have another Authentication service we run against that has access to the domain controller. Yes, we can ping it and we can collect information by searching the username.
Mike Cheung
Ranch Hand

Joined: Feb 01, 2013
Posts: 88
Sorry don't mean to hijack but I have a similar requirement. In my case however I'm interested to know only the Windows login name, and not necessarily need to authenticate against LDAP or AD, is this possible to be setup without the following?


Anyone have tried to do this with say Apache Shiro?
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Windows username?