We are in the process of developing a JSP based Web application. This application needs the logged in user ID from the local PC (Windows / Ubuntu?)
This can be achieved with the help of VBScript on the but unfortunately this solution will work only on Internet Explorer
Are there any ways to get the Windows (AD) user ID in Firefox as well as IE using JSP?
My requirement is very simple. I will store a list of User ID's on my Web application (XML file preferably) and will verify against the request and if the logged in user on Windows matches my list, the user can use my application.
This is a very simple application and the user base is very minimum.
Setup: Apache Tomcat v7.x, JSP
This question may have been asked many times but I still don't see a proper way to do this
I guess what you are looking for is Windows Authentication. Tomcat has built-in support for what you want.
Related
How can i get the windows username of a visitor that comes to my page.
My page is coded in Java and runs in Intranet.
I know it easy to do this with aspx (with activex i think) but how can i do this with Java.
In some topics i found some thing like this.
How to get Windows username in Java?
Get login username in java
But these are not a solution for me because;
System.getProperty("user.name");
System.getenv("USERNAME");
gives the user name of the server which the program runs on.But i need the visitors user name.
Is there a way to do this?
In a stable, corporate environment it is often posible to make a small "login & authentucation service" within ERP (C#), accessed via REST/JSON or SOAP with Java code. I did this a few times.
As a consequence, every successfully logged worker is a Java proxy to the primary login from the main system.
Big benefit: not to build hard security mechanism. Password are never copied in Java database.
Some problems: A user may have been the author of some content in Intranet. Now they are no longer part of the company, their primary login is destroyed, intranet should have very light "shadow" of dead soul.
Getting windows login is tricky. In many companies it is allowed to use browser from computer of coworker, with login to specyfic www application.
I'm developing an application that would be hosted on tomcat server. I'm looking to get the username details with which the user would logon to his windows system for tracking purpose. Is there a way to get the user name details with which the user logged onto the system before accessing the application through a browser?
i doubt there is a java only way to do this. you have to check the username using javascript. here is an example for windows user:
Get Windows username with JavaScript?
Also you probably want to do the same for Linux/Mac users?
Once you got the java script name you could either save it into a cookie and read it with your Java servlet or send an Ajax request to your backend.
I have a web PHP web application that has a link to a java web application. The php application has a login page, and a link to the the java application, but not every user has permission to access the java web application. What I was trying to do is send user credentials from the php application to the java application, and then the java application checks the credentials and if correct logs in the user. I was thinking of using http headers to do this.
So my question is what is how to send user credentials from a PHP application to a java application?
If it helps I am using a Java web framework called Vaadin.
Do a normal POST request from the PHP application to the java application. This can be done as simply as having a normal HTML form in the PHP application, set the form's method to "POST" and action to the java application's URL. If you want to catch HTTP parameters in a Vaadin application, you can do it by using request handlers (https://vaadin.com/book/vaadin7/-/page/advanced.requesthandler.html).
Then a few words of advice or something to at least consider. If your login page is in the PHP application and your "admin" application is the Vaadin application, then I discourage you from doing the credential checking in the Vaadin application. This is because when you enter the Vaadin application, a new application instance is created. This means that your UI will be initialized and whatever else you do in the UI's init method. What you probably want to do, is to hinder the user from entering the Vaadin application unless she is logged in - which means that you need to do the credential checking somewhere else - for example, have a separate servlet whose only responsibility is to log in the user. If login is granted, then give access to the Vaadin application, if access is denied, forward the user to the PHP login screen. The next question is, how do you hinder the user from accessing the Vaadin application until she is logged in? Typically, this is done using servlet filters.
I highly encourage you to use a 3rd party framework for doing the authentication and authorization. Take a look at http://shiro.apache.org/, it's easy to install and seems to work nicely together with Vaadin. All you need to do is to configure it and implement a login screen, the framework will take care of the rest.
If I understood your question, you want to be able to provide an "auto-login-link" to some specific users that are logged in to the PHP application. This link should automatically login the user to the java application, right?
Without knowing any details about this case, like are both apps running on the same domain or do they use the same database (same user credentials in both apps), etc., I would propose the following solution:
Create an action (link) on the java application, which receives the necessary parameters (as GET) needed for creating the session (probably userId is sufficient), timestamp and a signature of all parameters. For example:
http://javaapp.example.com/autologin?userId=123&timeStamp=123456789&sign=hj23kh4j234jk324h
Where the signature is calculated with some strong encryption algorithm. Then you verify that the signature is correct at the receiving end (java app). If it is correct, you create the session. Signature calculation could be something like:
$signature = sha1($userId . $timeStamp . 'some salt' . $sharedSecretBetweenBothApps);
With the timeStamp you are able to check that an old link is not used. For example not allow older than 15 min old links and store used links in the java app to make sure they are never re-used. You do not have to keep history of links older than the expiration time.
Another idea, as discussed in the comments, is creating an API on the java side, which is able to provide a one-time link.
The sha1 algorithm is probably not strong enough, but shows the idea and is simple to implement.
Does this answer your question?
I need to know if a user entered correct login information to Microsoft Active directory
I want the user to enter username and password on an xpage and it should only return if these values was entered correctly or not.
I know I can use ldap requests and send in credentials but have not seen any working solutions for this.
I need to use java as the code should be able to run on non windows servers
There are a number of approaches you can take:
The easiest would be to link the AD to Domino using DirectoryAssistance and let users login using their AD credentials in the first place.
If IIS is running on the AD server you could send an HTTP request using the Apache HTTPClient (and basic authentication) and see what's coming back
The best working Java libraries are listed in the Apache Directory project. There you would do an LDAP query (e.g. the user herself)
Let us know which one works for you
You can use JNDI to access the Active Directory. There are a lot of ressources on the web on how to do this, for example have a look at http://mhimu.wordpress.com/2009/03/18/active-directory-authentication-using-javajndi/
You have tagged the question as XPage, do you want to do the authentication from inside domino? In that case the domino server could do the authentication.
I'm implementing a profiled (user / group) web application and I need to import into my application database all users and groups of my Active Directory. I'm running this application on Apache Tomcat under Ubuntu Server. I'd like to leave the import operation to some admin user direclty under my webapplication but, if it's not possible, I thought to use a .NET client to manager the user.
I saw on some tuturial it's possible to reach the windows domain controller using java to authenticathe the user but, in that case, I don't need to authenticate the user, I just need to recognize the group of user using the property
System.getProperty("user.name")
to retrieve the user. I took a look to this tutorial:
http://gwallen.com/code/java/activedirectory.php
I tryied the first one but it doesn't works (LDAP: error code 49).
May you help me (suggesting me some tutorial or samples)?
thanks,Andrea
If you want to query AD without password you need core Windows solution. E.g. you can run dsquery command
You can use Spring Security to do so. Or just take a look at the classes which does so.