views:

2269

answers:

5

Hi!

I want to develop a Java application that can detect the user logged on to a Windows domain. These credentials are going to be used to log on to the Java application running on Tomcat.

How can I do this? I want to know the remote user accessing my web app. This user is logged on to an Active Directory.

Thanks!

A: 

+1 Though question!

There is an answer to this question here (still on Stack Overflow) when using IIS. So I guess it is possible on a servlet container to fool the client into presenting some kind of signed token as proof of authentication. Then I guess you will need some Windows magic to validate the thing.

Is there any "Integrated Windows Authentication" specification somewhere? Did anybody implement this? JCIFS, Samba?

I would use tcpmon to see the interaction between the browser and an IIS if the recipe given above works. I suspect it is fairly complicated though. If there is not some crypto involved I would be very disappointed.

Tomcat already has support for LDAP authentication sources (see here). Maybe extend this and add a custom Realm implementation.

Marcelo Morales
You just linked him to his own question. ;)
Michael Myers
"Though" or "tough"? ;-)
Arjan
+1  A: 

In general, you can hook into the local authorization service using Java Authentication and Authorization Service. That might do what you want.

That said, are you sure this is the right way to go? What do you want to accomplish? Are you looking for a single sign-on solution for the webapp?

Then this: http://stackoverflow.com/questions/439120/how-to-configure-tomcat-to-use-windows-ntlm-authentication might be what you are looking for, as proposed by Steve Read in the comment above.

sleske
I want to know the remote user accessing my web app. This user is logged on to an Active Directory.
VansFannel
A: 

I recall using mod_ntlm for Apache did the trick for me, but that was a few years ago, so I don't know what has changed since.

Moshe
+1  A: 

The JCIFS library will surely be of help to you. This library can be used for performing NTLM authentication.

+2  A: 

This is my solution:

Put jcifs-1.2.7.jar in the [TOMCAT_HOME]/common/lib directory.

Modify the application's web.xml, adding the following text to the web-app section:

<filter>
    <filter-name>NtlmHttpFilter</filter-name>
    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
    <init-param>
        <param-name>jcifs.http.domainController</param-name>
        <!-- IP address of the domain controller -->
        <param-value>xx.xx.xx.xxx</param-value>
    </init-param>
    <init-param>
        <param-name>jcifs.util.loglevel</param-name>
        <param-value>2</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>NtlmHttpFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

And then you can get the remote user with request.getRemoteUser(), without a prompt.

See you.

VansFannel
This feature of JCIFS is deprecated. See the blue text at the top of the NTLM HTTP Authentication page for an explanation and for the recommended alternative: http://jcifs.samba.org/src/docs/ntlmhttpauth.html
@ioplex, that blue text fails to mention that the license for jespa is different than the one for JCIFS. If you are the JCIFS Mike, perhaps you could fix that?
Thorbjørn Ravn Andersen
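What the NtlmHttpFilter above actually receives on the wire, and why it needs the jcifs.http.domainController parameter, is easier to see from the messages themselves. The following is an added illustration, not code from the page, from JCIFS or from Tomcat: it builds and parses the NTLM Type 3 (AUTHENTICATE) message that the browser sends in the Authorization header after the challenge, and extracts the DOMAIN\user string that ends up in request.getRemoteUser(). The sample values (domain CORP, user alice, workstation WS01, 24 bytes of zeros in place of the real LM/NT responses) are constructed for the example, and the OEM (non-Unicode) case is simplified to Latin-1. The security point it demonstrates: the domain and user name are plaintext fields chosen by the client, so a Type 3 message claiming any name parses just as cleanly as a genuine one. The name is only trustworthy after the NT response has been verified against the domain controller, which is the "Windows magic" Marcelo guessed at and the reason the filter is configured with the DC address.

```python
import base64
import struct

# Constructed example; not JCIFS or Tomcat code.
NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001   # strings are UTF-16LE when set
NEGOTIATE_NTLM = 0x00000200
NEGOTIATE, CHALLENGE, AUTHENTICATE = 1, 2, 3   # NTLM message types
DEFAULT_FLAGS = NEGOTIATE_UNICODE | NEGOTIATE_NTLM


def _fields(data: bytes, offset: int) -> bytes:
    """Len/MaxLen/BufferOffset descriptor used by every variable-length NTLM field."""
    return struct.pack("<HHI", len(data), len(data), offset)


def _string_encoding(flags: int) -> str:
    # OEM strings are treated as Latin-1 here (simplification for the example).
    return "utf-16-le" if flags & NEGOTIATE_UNICODE else "latin-1"


def build_negotiate(flags: int = DEFAULT_FLAGS) -> bytes:
    """Type 1: signature, type, flags, empty domain and workstation descriptors."""
    return (NTLMSSP_SIGNATURE + struct.pack("<II", NEGOTIATE, flags)
            + _fields(b"", 32) + _fields(b"", 32))


def build_authenticate(domain: str, user: str, workstation: str,
                       lm_response: bytes, nt_response: bytes,
                       flags: int = DEFAULT_FLAGS) -> bytes:
    """Type 3 message as a browser sends it: six descriptors, flags, then the payload.
    Descriptor order: LM response, NT response, domain, user, workstation, session key."""
    enc = _string_encoding(flags)
    chunks = [lm_response, nt_response,
              domain.encode(enc), user.encode(enc), workstation.encode(enc),
              b""]                                   # encrypted session key (unused here)
    header_len = 8 + 4 + 6 * 8 + 4                   # sig + type + descriptors + flags = 64
    descriptors, payload = b"", b""
    for chunk in chunks:
        descriptors += _fields(chunk, header_len + len(payload))
        payload += chunk
    return (NTLMSSP_SIGNATURE + struct.pack("<I", AUTHENTICATE)
            + descriptors + struct.pack("<I", flags) + payload)


def parse_authenticate(msg: bytes) -> dict:
    """Parse a Type 3 message, bounds-checking every descriptor against the message."""
    if msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    mtype = struct.unpack_from("<I", msg, 8)[0]
    if mtype != AUTHENTICATE:
        raise ValueError(f"expected Type 3, got Type {mtype}")
    names = ["lm_response", "nt_response", "domain", "user", "workstation", "session_key"]
    out, pos = {}, 12
    for name in names:
        length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
        pos += 8
        if offset + length > len(msg):
            raise ValueError(f"{name} descriptor points outside the message")
        out[name] = msg[offset:offset + length]
    out["flags"] = struct.unpack_from("<I", msg, pos)[0]
    enc = _string_encoding(out["flags"])
    for name in ("domain", "user", "workstation"):
        out[name] = out[name].decode(enc)
    return out


def remote_user_from_header(authorization: str) -> str:
    """DOMAIN\\user as a filter would expose it via getRemoteUser().
    NOTE: this is the *claimed* identity; nt_response must still be validated
    against the domain controller before it is trusted."""
    scheme, _, token = authorization.partition(" ")
    if scheme != "NTLM" or not token:
        raise ValueError("not an NTLM Authorization header")
    auth = parse_authenticate(base64.b64decode(token))
    return f"{auth['domain']}\\{auth['user']}"


if __name__ == "__main__":
    genuine = build_authenticate("CORP", "alice", "WS01", b"\x00" * 24, b"\x00" * 24)
    hdr = "NTLM " + base64.b64encode(genuine).decode()
    print("claimed identity:", remote_user_from_header(hdr))
    # Anyone can craft a Type 3 naming a different account; only DC validation catches it.
    forged = build_authenticate("CORP", "Administrator", "EVIL", b"A" * 24, b"B" * 24)
    print("forged message parses to:", parse_authenticate(forged)["user"])
```

Running the block prints the claimed identity for both the constructed and the forged message, which is the point: a filter that stopped at parsing would let a client pick its own getRemoteUser() value. The 24-byte response fields are where a real client puts the LM/NT responses to the 8-byte server challenge from the Type 2 message, and those are what the domain controller checks.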