I am working on application which doesn't have any login mechanism, any user in my organization can use that. But I want to pick the username of the remote users who will use my tool. I have a button clicking on that I want to get their usernames.
我正在处理没有任何登录机制的应用程序,我组织中的任何用户都可以使用它。但我想选择将使用我的工具的远程用户的用户名。我有一个按钮点击我想要获取他们的用户名。
I tried request.getRemoteUser got null. tried System.getenv("USERNAME") getting the logged in user of the localhost where the server resides. Tried getHostName, System.getProperty got the localhost name. Tried this also - new com.sun.security.auth.module.NTSystem().getName() but same result.
我试过request.getRemoteUser得到了null。尝试使用System.getenv(“USERNAME”)获取服务器所在的localhost的登录用户。尝试了getHostName,System.getProperty获得了localhost名称。尝试了这一点 - 新的com.sun.security.auth.module.NTSystem()。getName()但结果相同。
I am using java6, windows server and glassfish3 server.
我使用的是java6,windows server和glassfish3服务器。
Please suggest something as I don't want to use any external link and tool.
请提出建议,因为我不想使用任何外部链接和工具。
4 个解决方案
#1
5
You want to do something called SSO (Single Sign On): A user is logged in somewhere (in your case his Windows computer) and you want to authenticate the user with this (already done) login. This is a very common use case and there are different ways to do that. However, the big question is always how you can trust those third party system. And this is where the trouble begins.
您想要做一些名为SSO(单点登录)的事情:用户登录某个地方(在您的情况下是他的Windows计算机),并且您希望使用此(已完成)登录来验证用户。这是一个非常常见的用例,有不同的方法可以做到这一点。但是,最重要的问题始终是如何信任这些第三方系统。这就是麻烦开始的地方。
Since your question is not very clear, I assume you have a Java Glassfish server running on Windows Server and a Java client (because you asked for Java code). So the Java server must authenticate who the user of the Java client is. And the server must trust this information.
由于你的问题不是很清楚,我假设你有一个在Windows Server和Java客户端上运行的Java Glassfish服务器(因为你要求使用Java代码)。因此,Java服务器必须验证Java客户端的用户是谁。服务器必须信任这些信息。
Using System.getProperty("user.name"); isn't a good idea since anybody can change it. You can start your Java program with java -Duser.name=Joe <your_program> and that's it.
使用System.getProperty(“user.name”);不是一个好主意,因为任何人都可以改变它。您可以使用java -Duser.name = Joe
But since you are on Windows, you could use Windows to help you. If both, your client and server, are in the same domain, they are authenticated against the same system. You can ask this system for the user identity. Typically machines of a company are in the same domain.
但是,由于您使用的是Windows,因此可以使用Windows来帮助您。如果您的客户端和服务器位于同一个域中,则它们将针对同一系统进行身份验证。您可以向此系统询问用户身份。通常,公司的机器位于同一域中。
To do this there is a tool called Waffle. It does a secure Windows authentication between machines in the same domain. If your client and server are in the same domain, it is an easy way to perform an SSO (a single sign on). You can find it on GitHub: http://dblock.github.io/waffle/
为此,有一个名为Waffle的工具。它在同一域中的计算机之间执行安全的Windows身份验证。如果您的客户端和服务器位于同一个域中,则可以轻松地执行SSO(单点登录)。你可以在GitHub上找到它:http://dblock.github.io/waffle/
Here is a simple example from one of my own questions a couple of months ago (see here):
以下是几个月前我自己提出的一个问题的简单例子(见这里):
// client credentials handle
IWindowsCredentialsHandle credentials= WindowsCredentialsHandleImpl.getCurrent("Negotiate");
credentials.initialize();
// initial client security context
WindowsSecurityContextImpl clientContext = new WindowsSecurityContextImpl();
clientContext.setPrincipalName(Advapi32Util.getUserName());
clientContext.setCredentialsHandle(credentials.getHandle());
clientContext.setSecurityPackage(securityPackage);
clientContext.initialize();
// accept on the server
WindowsAuthProviderImpl provider = new WindowsAuthProviderImpl();
IWindowsSecurityContext serverContext = null;
do {
if (serverContext != null) {
// initialize on the client
SecBufferDesc continueToken = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, serverContext.getToken());
clientContext.initialize(clientContext.getHandle(), continueToken);
}
// accept the token on the server
serverContext = provider.acceptSecurityToken(clientContext.getToken(), "Negotiate");
} while (clientContext.getContinue() || serverContext.getContinue());
System.out.println(serverContext.getIdentity().getFqn());
for (IWindowsAccount group : serverContext.getIdentity().getGroups())
System.out.println(" " + group.getFqn());
You can use Waffle also for websites. However, I didn't do that and cannot explain you what to do in this case.
您也可以将Waffle用于网站。但是,我没有这样做,也无法解释你在这种情况下该怎么做。
And one important remark: I think you are a little bit confused. If you do request.getRemoteHost() on your server, you try to get the identity of the client who send the request (by the way, it is not secure, a client could send anything). However, if you do System.getProperty("user.name") on your server, you try to get the name of the server itself. Be aware where you are (on client or server) and what you want. And make sure whether you can trust this information or not. Security is difficult.
还有一个重要的评论:我觉得你有点困惑。如果您在服务器上执行request.getRemoteHost(),则尝试获取发送请求的客户端的身份(顺便说一下,它不安全,客户端可以发送任何内容)。但是,如果在服务器上执行System.getProperty(“user.name”),则会尝试获取服务器本身的名称。请注意您(在客户端或服务器上)的位置以及您想要的内容。并确保您是否可以信任这些信息。安全很困难。
#2
1
java class code to find who loggedin into a remote computer in a domain
java类代码,用于查找登录到域中的远程计算机的用户
package com.test;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.HashMap;
import com.test.Pubfun;
public class UserName {
public static HashMap <String,String> hmun=new HashMap<String, String>();
public String setUserFromIP(String arg1) {
String m = arg1;
StringBuilder user = new StringBuilder();
String u = "";
String user2 = null;
try {
Process p = Runtime.getRuntime().exec("query user /server:" + m);
p.waitFor();
BufferedReader reader = new BufferedReader(new InputStreamReader(
p.getInputStream()));
String line = reader.readLine();
while (line != null) {
line = reader.readLine();
user.append(line);
line=null;
}
} catch (IOException e1) {
} catch (InterruptedException e2) {
}
u = user.toString().replace("null", "");
try {
user2 = this.getUserFromString(u);
} catch (ArrayIndexOutOfBoundsException ae) {
}
u.replace("null", " ");
System.out.println(user2);
hmun.put("username",user2);
return user2;
}
public static String gethmun()
{
String t=hmun.get("username");
return t;
}
public String getUserFromString(String u) {
HashMap <String,String> hmun=new HashMap<String, String>();
String input = u;
int length, size;
length = input.length();
size = length ;
String strarray[] = new String[size];
strarray = input.split("\\s+");
for (int i = 0; i < strarray.length; i++) {
if(strarray[i].equals("Active")){
hmun.put("username", strarray[i-3]);
}
}
String user1=hmun.get("username");
return user1;
}
}
#3
0
HttpServletRequest.getRemoteUser() might optionally return the login of user making the request (if authenticated), but it is not the username of the user logged in on the remote machine.
HttpServletRequest.getRemoteUser()可以选择性地返回发出请求的用户的登录(如果已通过身份验证),但它不是远程计算机上登录的用户的用户名。
There is no way to query the username of the remote machine. Browsers or applications making the requests might send this info voluntarily, but if they don't, you won't find a way to get it. And by default they don't send it so don't count on this.
无法查询远程计算机的用户名。提出请求的浏览器或应用程序可能会自动发送此信息,但如果不这样做,您将无法找到获取此信息的方法。默认情况下,他们不发送它,所以不要指望这一点。
#4
-4
This gives you the current logged in Username from your local Windows System System.getProperty("user.name");
这将为您提供当前Windows System System.getProperty(“user.name”)中当前登录的用户名;
#1
5
You want to do something called SSO (Single Sign On): A user is logged in somewhere (in your case his Windows computer) and you want to authenticate the user with this (already done) login. This is a very common use case and there are different ways to do that. However, the big question is always how you can trust those third party system. And this is where the trouble begins.
您想要做一些名为SSO(单点登录)的事情:用户登录某个地方(在您的情况下是他的Windows计算机),并且您希望使用此(已完成)登录来验证用户。这是一个非常常见的用例,有不同的方法可以做到这一点。但是,最重要的问题始终是如何信任这些第三方系统。这就是麻烦开始的地方。
Since your question is not very clear, I assume you have a Java Glassfish server running on Windows Server and a Java client (because you asked for Java code). So the Java server must authenticate who the user of the Java client is. And the server must trust this information.
由于你的问题不是很清楚,我假设你有一个在Windows Server和Java客户端上运行的Java Glassfish服务器(因为你要求使用Java代码)。因此,Java服务器必须验证Java客户端的用户是谁。服务器必须信任这些信息。
Using System.getProperty("user.name"); isn't a good idea since anybody can change it. You can start your Java program with java -Duser.name=Joe <your_program> and that's it.
使用System.getProperty(“user.name”);不是一个好主意,因为任何人都可以改变它。您可以使用java -Duser.name = Joe
But since you are on Windows, you could use Windows to help you. If both, your client and server, are in the same domain, they are authenticated against the same system. You can ask this system for the user identity. Typically machines of a company are in the same domain.
但是,由于您使用的是Windows,因此可以使用Windows来帮助您。如果您的客户端和服务器位于同一个域中,则它们将针对同一系统进行身份验证。您可以向此系统询问用户身份。通常,公司的机器位于同一域中。
To do this there is a tool called Waffle. It does a secure Windows authentication between machines in the same domain. If your client and server are in the same domain, it is an easy way to perform an SSO (a single sign on). You can find it on GitHub: http://dblock.github.io/waffle/
为此,有一个名为Waffle的工具。它在同一域中的计算机之间执行安全的Windows身份验证。如果您的客户端和服务器位于同一个域中,则可以轻松地执行SSO(单点登录)。你可以在GitHub上找到它:http://dblock.github.io/waffle/
Here is a simple example from one of my own questions a couple of months ago (see here):
以下是几个月前我自己提出的一个问题的简单例子(见这里):
// client credentials handle
IWindowsCredentialsHandle credentials= WindowsCredentialsHandleImpl.getCurrent("Negotiate");
credentials.initialize();
// initial client security context
WindowsSecurityContextImpl clientContext = new WindowsSecurityContextImpl();
clientContext.setPrincipalName(Advapi32Util.getUserName());
clientContext.setCredentialsHandle(credentials.getHandle());
clientContext.setSecurityPackage(securityPackage);
clientContext.initialize();
// accept on the server
WindowsAuthProviderImpl provider = new WindowsAuthProviderImpl();
IWindowsSecurityContext serverContext = null;
do {
if (serverContext != null) {
// initialize on the client
SecBufferDesc continueToken = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, serverContext.getToken());
clientContext.initialize(clientContext.getHandle(), continueToken);
}
// accept the token on the server
serverContext = provider.acceptSecurityToken(clientContext.getToken(), "Negotiate");
} while (clientContext.getContinue() || serverContext.getContinue());
System.out.println(serverContext.getIdentity().getFqn());
for (IWindowsAccount group : serverContext.getIdentity().getGroups())
System.out.println(" " + group.getFqn());
You can use Waffle also for websites. However, I didn't do that and cannot explain you what to do in this case.
您也可以将Waffle用于网站。但是,我没有这样做,也无法解释你在这种情况下该怎么做。
And one important remark: I think you are a little bit confused. If you do request.getRemoteHost() on your server, you try to get the identity of the client who send the request (by the way, it is not secure, a client could send anything). However, if you do System.getProperty("user.name") on your server, you try to get the name of the server itself. Be aware where you are (on client or server) and what you want. And make sure whether you can trust this information or not. Security is difficult.
还有一个重要的评论:我觉得你有点困惑。如果您在服务器上执行request.getRemoteHost(),则尝试获取发送请求的客户端的身份(顺便说一下,它不安全,客户端可以发送任何内容)。但是,如果在服务器上执行System.getProperty(“user.name”),则会尝试获取服务器本身的名称。请注意您(在客户端或服务器上)的位置以及您想要的内容。并确保您是否可以信任这些信息。安全很困难。
#2
1
java class code to find who loggedin into a remote computer in a domain
java类代码,用于查找登录到域中的远程计算机的用户
package com.test;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.HashMap;
import com.test.Pubfun;
public class UserName {
public static HashMap <String,String> hmun=new HashMap<String, String>();
public String setUserFromIP(String arg1) {
String m = arg1;
StringBuilder user = new StringBuilder();
String u = "";
String user2 = null;
try {
Process p = Runtime.getRuntime().exec("query user /server:" + m);
p.waitFor();
BufferedReader reader = new BufferedReader(new InputStreamReader(
p.getInputStream()));
String line = reader.readLine();
while (line != null) {
line = reader.readLine();
user.append(line);
line=null;
}
} catch (IOException e1) {
} catch (InterruptedException e2) {
}
u = user.toString().replace("null", "");
try {
user2 = this.getUserFromString(u);
} catch (ArrayIndexOutOfBoundsException ae) {
}
u.replace("null", " ");
System.out.println(user2);
hmun.put("username",user2);
return user2;
}
public static String gethmun()
{
String t=hmun.get("username");
return t;
}
public String getUserFromString(String u) {
HashMap <String,String> hmun=new HashMap<String, String>();
String input = u;
int length, size;
length = input.length();
size = length ;
String strarray[] = new String[size];
strarray = input.split("\\s+");
for (int i = 0; i < strarray.length; i++) {
if(strarray[i].equals("Active")){
hmun.put("username", strarray[i-3]);
}
}
String user1=hmun.get("username");
return user1;
}
}
#3
0
HttpServletRequest.getRemoteUser() might optionally return the login of user making the request (if authenticated), but it is not the username of the user logged in on the remote machine.
HttpServletRequest.getRemoteUser()可以选择性地返回发出请求的用户的登录(如果已通过身份验证),但它不是远程计算机上登录的用户的用户名。
There is no way to query the username of the remote machine. Browsers or applications making the requests might send this info voluntarily, but if they don't, you won't find a way to get it. And by default they don't send it so don't count on this.
无法查询远程计算机的用户名。提出请求的浏览器或应用程序可能会自动发送此信息,但如果不这样做,您将无法找到获取此信息的方法。默认情况下,他们不发送它,所以不要指望这一点。
#4
-4
This gives you the current logged in Username from your local Windows System System.getProperty("user.name");
这将为您提供当前Windows System System.getProperty(“user.name”)中当前登录的用户名;