Get username connected to web server

Here is the scenario. I work on a web server in an AD domain. Some client connects to me. How do I get this client's username if the client did not fill out a form in the browser? You must use Java technology on the web server side.

edit:

I ended up using the Spring Security Negotiation Filter, as described in the link below. There is a textbook. Using request.getUserPrincipal().getName() from the servlet gives the username.

http://waffle.codeplex.com/

+7
source
5 answers

You need to configure the Spring Security Kerberos extension - this is the only possible way to do what you're describing in Spring Security 3. This supports SPNEGO negotiation, but requires some configuration on the server (and knowledge of how SPNEGO and Kerberos work).

There is not much documentation there, but the examples of Mike’s applications that it ships with 1.0M2 are great and cover most common scenarios, including SPNEGO automatic authentication.

The key to SPNEGO is customizing AuthenticationEntryPoint - you need to do this using the Spring bean, as shown below:

    <bean id="kerbEntryPoint"
          class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />

    <bean id="kerbAuthenticationProcessingFilter"
          class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
    </bean>

... there are more beans that will be required besides them (again, refer to samples with the Kerberos extension). Send back if you continue to work with Spring Security or if you want accurate information (since there are several bits of beans / config, some knowledge about your configuration will be useful, for example, whether you use the <http> namespace style or not).

In addition to this option, you will need to configure a similar type of SPNEGO (for example, using WAFFLE, as you suggest) - other SO issues . pretty good.

Finally, you could use Tomcat with another web server that best supports SPNEGO or NTLM, such as Microsoft IIS or Apache Web Server with mod_spnego.

Hopefully one of these ideas will work for you!

+11
source
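
An added example (not code from the question, the answers, or the Spring Security or WAFFLE projects): a servlet that reads the user name the way the question's edit describes, once a SPNEGO filter has authenticated the request. The class name `WhoAmIServlet`, the helper `accountName`, the `javax.servlet` API generation and the principal name formats it handles are assumptions.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Locale;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example: reports the account that the SPNEGO filter authenticated. */
public class WhoAmIServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Populated only after the SPNEGO/Negotiate filter has validated the
        // Kerberos ticket on the server. Do not fall back to anything the
        // browser can choose (form field, header, script output).
        Principal principal = request.getUserPrincipal();
        if (principal == null) {
            // Fail closed: the filter is not mapped to this URL, or the
            // negotiation did not complete.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "not authenticated");
            return;
        }
        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().println(accountName(principal.getName()));
    }

    /**
     * Reduces a principal name to the bare account name.
     * Assumed input shapes: "DOMAIN\\user" (down-level logon name),
     * "user@REALM" (Kerberos principal) or plain "user".
     * Keep the domain or realm part as well if more than one domain can
     * authenticate, otherwise equal account names in two domains collide.
     */
    static String accountName(String principalName) {
        String name = principalName.trim();
        int backslash = name.lastIndexOf('\\');
        if (backslash >= 0) {
            name = name.substring(backslash + 1);
        }
        int at = name.indexOf('@');
        if (at > 0) {
            name = name.substring(0, at);
        }
        if (name.isEmpty()) {
            throw new IllegalArgumentException("empty account name");
        }
        // AD account names are case-insensitive; normalise before comparing.
        return name.toLowerCase(Locale.ROOT);
    }
}
```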

Which browser do your users use? If IE, there is a simple solution:

    <html>
    <script type="text/javascript">
        // Internet Explorer only: WScript.Network exposes the logged-on Windows user name
        var WinNetwork = new ActiveXObject("WScript.Network");
        alert(WinNetwork.UserName);
    </script>
    </html>
+6
source

The last way for Windows is SPNEGO. For it to work fully, the server needs to have an account in AD and communicate with Kerberos. Then Spring Security, I was told, supports this.

Now you do not have to allow users. Sometimes (for example, for statistical reasons) it is enough to get the user ID of the AD. When I played with SPNEGO, the binary data that was transferred from the browser included the plaintext user ID. It can be extracted from there, but, of course, it cannot be trusted.

NTLM is deprecated, considered less secure, and is largely being phased out of environments.

+2
source

If you are using Tomcat, use WAFFLE.

+1
source

I am sure you can put the Apache web server in front of Tomcat so that Apache can authenticate using NTLM or Kerberos. Then you can use rewrite rules to send requests to Tomcat with the username in plain text. This is just an idea; I have not implemented it myself. However, we use Apache Kerberos authentication on our intranet. My suggestion is not to use NTLM; it is deprecated and broken.

0
source
