I'm aware I can call out to Active Directory and do queries provided I have a cleartext username and password. (I don't want to do that)
我知道我可以呼叫Active Directory并进行查询,前提是我有一个明文用户名和密码。 (我不想这样做)
In VB, I can set authorisation levels by NT group - and the user doesn't have to enter their password nor, store it in a text file. (My understanding is that this has access to the Windows AD ticket).
在VB中,我可以按NT组设置授权级别 - 用户不必输入密码,也不能将其存储在文本文件中。 (我的理解是,它可以访问Windows AD票证)。
I also know I can shell out to the command line and parse the output - to get the users groups - this is problematic.
我也知道我可以对命令行进行shell并解析输出 - 以获取用户组 - 这是有问题的。
How can I replicate getting the executing user's NT groups without a password in Java?
如何在没有Java密码的情况下复制获取执行用户的NT组?
(It is beginning to sound like I'll have to call the Win32 API with JNA to get the kerberos ticket - I'm hoping there is a simpler way.)
(听起来好像我必须用JNA调用Win32 API来获取kerberos票 - 我希望有一种更简单的方法。)
1 个解决方案
#1
0
You should split up your question in two because you're mixing authentication with authorization. Kerberos works very pleasently with Java on Windows with some caveats due to MS. Having said that use the Kerberos ticket with the provided principal to authenticate against AD and retrieve the user's memberOf values to see in which groups the user is in.
您应该将问题分成两部分,因为您将身份验证与授权混合在一起。 Kerberos在Windows上使用Java非常令人愉快,因为MS有一些注意事项。话虽如此,使用Kerberos票证和提供的主体对AD进行身份验证并检索用户的memberOf值以查看用户所在的组。
#1
0
You should split up your question in two because you're mixing authentication with authorization. Kerberos works very pleasently with Java on Windows with some caveats due to MS. Having said that use the Kerberos ticket with the provided principal to authenticate against AD and retrieve the user's memberOf values to see in which groups the user is in.
您应该将问题分成两部分,因为您将身份验证与授权混合在一起。 Kerberos在Windows上使用Java非常令人愉快,因为MS有一些注意事项。话虽如此,使用Kerberos票证和提供的主体对AD进行身份验证并检索用户的memberOf值以查看用户所在的组。