0

In my system, I want to have only the administrator account to access the specific folder.

So when client login as himself, click the open file link, I want it switch to the admin account temporary to open the files. After closing the openning file, the account goes back to the original account of the client.

I find it can be done in C# in ASP.NET by this link:

How do I change the logged in user to another?

Wondering if we can do that in Java?

Community
  • 1
  • 1
Peter Kang
  • 3
  • 3

2 Answers2

2

You can perform a task as a different user by calling RUNAS via Runetim.exec()

RUNAS USAGE:

RUNAS [ [/noprofile | /profile] [/env] [/savecred | /netonly] ]
        /user:<UserName> program

RUNAS [ [/noprofile | /profile] [/env] [/savecred] ]
        /smartcard [/user:<UserName>] program

RUNAS /trustlevel:<TrustLevel> program

   /noprofile        specifies that the user's profile should not be loaded.
                     This causes the application to load more quickly, but
                     can cause some applications to malfunction.
   /profile          specifies that the user's profile should be loaded.
                     This is the default.
   /env              to use current environment instead of user's.
   /netonly          use if the credentials specified are for remote
                     access only.
   /savecred         to use credentials previously saved by the user.
                     This option is not available on Windows 7 Home or Windows 7 Starter Editions
                     and will be ignored.
   /smartcard        use if the credentials are to be supplied from a
                     smartcard.
   /user             <UserName> should be in form USER@DOMAIN or DOMAIN\USER
   /showtrustlevels  displays the trust levels that can be used as arguments
                     to /trustlevel.
   /trustlevel       <Level> should be one of levels enumerated
                     in /showtrustlevels.
   program         command line for EXE.  See below for examples

Examples:
> runas /noprofile /user:mymachine\administrator cmd
> runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
> runas /env /user:user@domain.microsoft.com "notepad \"my file.txt\""

http://ss64.com/nt/runas.html

Peter Lawrey
  • 525,659
  • 79
  • 751
  • 1,130
  • This surely is Windows-specific. I wonder what platform OP is seeking a solution for... – TheBlastOne Nov 05 '12 at 17:21
  • @TheBlastOne "administrator account" and "switch to the admin account temporary" are windows specific terminology. – Peter Lawrey Nov 05 '12 at 17:30
  • Ah. Thought it is a synonym for the superuser or root user in UNIX world, too. – TheBlastOne Nov 05 '12 at 17:33
  • @TheBlastOne You could be right, in which case you need to run `sudo command` instead on UNIX. AFAIK its entirely platform specific. – Peter Lawrey Nov 05 '12 at 17:38
  • Hi, Peter, Thanks for your reply. I did some research on runas. it seems can only open or execute other applications or command. For example, when I run 'runas' command in server to open the file by excel. It will open excel in Server, not on client machine. Am I right? I don't know how to make client to open files in his local machine. – Peter Kang Nov 06 '12 at 01:58
  • You can only open files on the machine you are running on. You can send a message to the client (your chose on how you do this) and the client can perform a `runas` How the client does this depends on what code you are running on the client. – Peter Lawrey Nov 06 '12 at 08:22
0

If you're using Java EE I think you could use the @RunAs annotation (but I haven't tried): http://docs.oracle.com/javaee/6/api/javax/annotation/security/RunAs.html

Edit:

And here is a link to more about JAAS "doAs", but I haven't studied it yet: http://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASRefGuide.html

Puce
  • 37,247
  • 13
  • 80
  • 152
  • Hi, Puce, Thanks for your reply. I go through the JAAS document from the link you gave. It seems to be very complex. I will try to use the @RunAs annotation method you mentioned at first. Thx. – Peter Kang Nov 06 '12 at 02:02