tags:

views:

521

answers:

2
Q: 

Retrieving the logged in user's name and hostname in Windows

I'm currently writing a Java application to be used with a Windows-Machine authed with an ActiveDirectory. The application basically only needs to know the user's name and hostname. I know there are

System.getProperty("user.name")

and

java.net.InetAddress.getLocalHost().getHostName()

But I am not sure wether System.getProperty("user.name") will function correctly with the VM running on windows (I searched google and found a lot of threads saying it might not work with windows, as it might return something different, depending on the environment-variables (and I am currently unable to test it [I'm running ubuntu and archLinux]).

So, I wondered if there is a better and more secure way to handle this and stumbled upon NTSystem . But NTSystem does not seem to be available on Linux (which I use for developing), which - I think - is due to calling native windows code.

My question would hence be: "Is there a secure way to retrieve the logged in user's name in Windows and if yes - how would you accomplish that?"

+1  A: 

user.name is inherently insecure because it can be overridden via -Duser.name=XYZ. This might be an issue for you, or it may not be

Obviously NTSystem won't work on Linux but you mention that you are writing a GUI to be run on Windows. Are you trying to validate the Windows user name of the user? You can do this via NTSystem embedded in the code which runs on the Windows client but not (of course) code which runs under the Linux OS.

Or are you trying to validate them on a Linux server? Perhaps you have a kerberos domain you could do this with? (i.e. if there is a kerberos domain, then you can have a secure, authenticated communication between client and server, ensuring that the client is who they say they are)

EDIT: I may be confused by the fact you are saying that you're writing a Java App "in Linux". I took this to mean a Linux server and Windows client - but possibly you just mean that you are using Lenux as your development environment? In this case, you might think of writing a pluggable identification layer which you can switch between using NTSystem on the Windows box and user.name for testing

oxbow_lakes  2009-07-16 08:47:34
Yes, Linux is my development environment.I'm just trying to avoid the user.name property, as it is - as you said - inherently insecure.(Actually the setup looks like this: Linux Server with Windows-Server-VirtualMachine(+ActiveDirectory), a bunch of Windows clients. I've got a java application running on the server, a c++ client running on all windows-machines and a java-client running on *certain* windows-machines. But I also want to avoid having to contact the AD/Windows-Server-VM)
Tedil  2009-07-16 09:21:03
Here's how I chose to do it:I downloaded the windows java jdk and extracted com.sun.security.* from its libs. I then added them as a library to my project an imported NTSystem. In the app itself I check which OS it is running on to determine which System to use (either NTSystem or UnixSystem).This could and can easily be avoided by having NTSystem and UnixSystem implement an interface which provides 'getUserName' and similar methods, so that you can use a more generic System (you could name it "GenericSystem" or "AbstractSystem" e.g.). Would be a nice addition to openJDK, I think ;)
Tedil  2009-08-08 19:41:59
A: 

Use JNA, com.sun.platform.jna.win32 has a number of methods to do this wrapping the Win32 API. Try Advapi32Util.getUserName or Kernel32Util.getUserNameEx.

dblock  2010-10-01 12:14:54

related questions

Obscuring network proxy password in plain text files on Linux/UNIX-likes
Why doesn't **find** find anything?
Getting stack traces on Unix systems, automatically
Differences between unix and windows files
How do you do a case insensitive search using a pattern modifier using less ?
Using Visual Studio to develop for C++ for Unix
How do I generate ASCII codes 2 and 3 in a Bash command line?
What's in your .procmailrc
Allow user to set up an SSH tunnel, but nothing else
What is PHP Safe Mode GID?
How to avoid redefining VERSION, PACKAGE, etc.
How can I encode xml files to xfdl (base64-gzip)?
Faster way to find duplicates conditioned by time
Date arithmetic in Unix shell scripts
Using Xming X Window Server over a VPN
Windows Equivalent of 'nice'
How do I configure and communicate with a serial port?
Choosing a static code analysis tool
What should a longtime Windows user know when starting to use Linux?
How do I use (n)curses in Ruby?
Process size on UNIX
Getting root permissions on a file inside of vi?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
Fastest way to get value of pi