Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Get username of client who connected to web server

Tags:

java

spring

spring-security

windows-authentication

single-sign-on

Here's the scenario. I am code running on a web server in an AD domain. Some client has connected to me. How do I get that client's username, without having the client fill out a form in their browser? Must use Java technologies on the web server side.

edit:

I ended up using the Spring Security Negotiate Filter as described at the below link. There is a tutorial available. Using request.getPrincipal().getName() from within a servlet gives the username.

http://waffle.codeplex.com/

like image 308
KyleM Avatar asked Apr 28 '11 22:04

KyleM

1 Answers

You need to set up the Spring Security Kerberos extension - this is the only out of the box way to do what you're describing in Spring Security 3. This supports SPNEGO negotiation, but requires some amount of setup on the server (and knowledge of how SPNEGO and Kerberos works).

There's not much documentation - but Mike's sample applications that he ships with 1.0M2 are great, and cover most of the common scenarios, including automated SPNEGO authentication.

The key thing for SPNEGO is to set up a custom AuthenticationEntryPoint - you'll need to do this with a custom spring bean as follows:

<bean id="kerbEntryPoint" class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />

<bean id="kerbAuthenticationProcessingFilter" class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
</bean>

... there are more beans that'll be required besides these (again, refer to the samples w/the Kerberos extension). Post back if you get further along with Spring Security or if you want exact details (since there are a number of beans / config bits involved, some knowledge of your configuration would be helpful, such as whether you are using the <http> namespace style or not).

Other than this option, you would have to set up a similar type of SPNEGO auth (such as using WAFFLE, as you suggest) - other SO questions cover this pretty well.

Finally, you could possibly front Tomcat with another web server which supports SPNEGO or NTLM better, such as Microsoft IIS or Apache Web Server with mod_spnego.

Hopefully one of these ideas would work for you!

like image 92
Peter Mularien Avatar answered Sep 30 '22 18:09

Peter Mularien
Sign in to Comment

Related questions

What is the benefit of polymorphism using Collection interface to create ArrayList object?
Anonymous inner classes in C#?
How do I find my "computer description" in a Java application on Windows and/or Mac?
Using Resultset in Java Program
Regex question ^[a-zA-Z0-9]{5,10}$
Apache POI, using both XSSF and HSSF
java + sqlite: how to open database as read-only?
Need modbus Java library [closed]
Which Class used for writing characters rather than bytes?
Eclipse Android Perspectives
how can I parse "30.0" or "30.00" to Integer?
Extending hibernate entities with annotation
Sending Signals to a Running JVM
Sequence Files in Hadoop
Easy way of populating Javabeans based on request parameters
Set size of Layered Drawable?
"for" cycle in JSF
xStream problems - How to deserialize multiple objects
maximum size of java class / exception table
i got the error java.text.ParseException: Unparseable date

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!