-1

I am working on application which doesn't have any login mechanism, any user in my organization can use that. But I want to pick the username of the remote users who will use my tool. I have a button clicking on that I want to get their usernames.

I tried request.getRemoteUser got null. tried System.getenv("USERNAME") getting the logged in user of the localhost where the server resides. Tried getHostName, System.getProperty got the localhost name. Tried this also - new com.sun.security.auth.module.NTSystem().getName() but same result.

I am using java6, windows server and glassfish3 server.

Please suggest something as I don't want to use any external link and tool.

icza
  • 389,944
  • 63
  • 907
  • 827
mayank sharma
  • 63
  • 2
  • 2
  • 9
  • You should try `request.getRemoteHost()` instead. – Wundwin Born Jul 30 '14 at 08:31
  • I Disable anonymous login in IIS for my coldfusion website and use this (cgi.Auth_user) in my code to get the username of remote user, is there any workaround like this in Java and glassfish. – mayank sharma Aug 06 '14 at 14:14
  • For more clarity on this question, refer this question. http://stackoverflow.com/questions/16032690/retrieve-logged-on-windows-user-activedir-in-jsf2-application-glassfish – mayank sharma Aug 20 '14 at 06:31

4 Answers4

7

You want to do something called SSO (Single Sign On): A user is logged in somewhere (in your case his Windows computer) and you want to authenticate the user with this (already done) login. This is a very common use case and there are different ways to do that. However, the big question is always how you can trust those third party system. And this is where the trouble begins.

Since your question is not very clear, I assume you have a Java Glassfish server running on Windows Server and a Java client (because you asked for Java code). So the Java server must authenticate who the user of the Java client is. And the server must trust this information.

Using System.getProperty("user.name"); isn't a good idea since anybody can change it. You can start your Java program with java -Duser.name=Joe <your_program> and that's it.

But since you are on Windows, you could use Windows to help you. If both, your client and server, are in the same domain, they are authenticated against the same system. You can ask this system for the user identity. Typically machines of a company are in the same domain.

To do this there is a tool called Waffle. It does a secure Windows authentication between machines in the same domain. If your client and server are in the same domain, it is an easy way to perform an SSO (a single sign on). You can find it on GitHub: http://dblock.github.io/waffle/

Here is a simple example from one of my own questions a couple of months ago (see here):

// client credentials handle
IWindowsCredentialsHandle credentials= WindowsCredentialsHandleImpl.getCurrent("Negotiate");
credentials.initialize();

// initial client security context
WindowsSecurityContextImpl clientContext = new WindowsSecurityContextImpl();
clientContext.setPrincipalName(Advapi32Util.getUserName());
clientContext.setCredentialsHandle(credentials.getHandle());
clientContext.setSecurityPackage(securityPackage);
clientContext.initialize();

// accept on the server
WindowsAuthProviderImpl provider = new WindowsAuthProviderImpl();
IWindowsSecurityContext serverContext = null;

do {  

    if (serverContext != null) {

        // initialize on the client
        SecBufferDesc continueToken = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, serverContext.getToken());
        clientContext.initialize(clientContext.getHandle(), continueToken);
    }  

    // accept the token on the server
    serverContext = provider.acceptSecurityToken(clientContext.getToken(), "Negotiate");

} while (clientContext.getContinue() || serverContext.getContinue());

System.out.println(serverContext.getIdentity().getFqn());
for (IWindowsAccount group : serverContext.getIdentity().getGroups())
    System.out.println(" " + group.getFqn());

You can use Waffle also for websites. However, I didn't do that and cannot explain you what to do in this case.

And one important remark: I think you are a little bit confused. If you do request.getRemoteHost() on your server, you try to get the identity of the client who send the request (by the way, it is not secure, a client could send anything). However, if you do System.getProperty("user.name") on your server, you try to get the name of the server itself. Be aware where you are (on client or server) and what you want. And make sure whether you can trust this information or not. Security is difficult.

Community
  • 1
  • 1
Thomas Uhrig
  • 30,811
  • 12
  • 60
  • 80
  • Hi Thomas, i don't want to use SSO i just want to know the username of the windows machine they have logged on. I don't want to use external tools, and the code you have given is out of my scope as i am new to java. – mayank sharma Jul 30 '14 at 09:07
  • 1
    Well, this is SSO. You want to identify the user (= get its name) by his account he is using on his Windows machine. – Thomas Uhrig Jul 30 '14 at 09:10
  • I want to get the username of the client, as this application will be used in my organization only so i don't think there will be security issues. i did that in coldfusion, i got the remote username by cgi.remote_user , is there something like that in java. Please don't mind sentence making. – mayank sharma Jul 30 '14 at 09:33
  • If i set this code, I add reference to the jar, I am able to compile my jar, but on runtime, tomcat throws Advautil32 cannot be resolved, where do i need to put the waffle jars ? thanks – ilansch Feb 08 '16 at 11:13
1

java class code to find who loggedin into a remote computer in a domain

package com.test;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.HashMap;

import com.test.Pubfun;

public class UserName {
    public static HashMap <String,String> hmun=new HashMap<String, String>();
    public String setUserFromIP(String arg1) {
        String m = arg1;
        StringBuilder user = new StringBuilder();
        String u = "";
        String user2 = null;
        try {
            Process p = Runtime.getRuntime().exec("query user /server:" + m);
            p.waitFor();
            BufferedReader reader = new BufferedReader(new InputStreamReader(
                    p.getInputStream()));
            String line = reader.readLine();
            while (line != null) {
                line = reader.readLine();
                user.append(line);              
                line=null;
            }

        } catch (IOException e1) {
        } catch (InterruptedException e2) {
        }   
        u = user.toString().replace("null", "");
        try {           
            user2 = this.getUserFromString(u);
        } catch (ArrayIndexOutOfBoundsException ae) {
        }
        u.replace("null", " "); 
        System.out.println(user2);      
        hmun.put("username",user2);
        return user2;
    }

    public static String gethmun()
    {
        String t=hmun.get("username");
        return t;
    }
    public String getUserFromString(String u) {
        HashMap <String,String> hmun=new HashMap<String, String>();
        String input = u;
        int length, size;
        length = input.length();
        size = length ;
        String strarray[] = new String[size];
        strarray = input.split("\\s+");     
        for (int i = 0; i < strarray.length; i++) {
            if(strarray[i].equals("Active")){
                hmun.put("username", strarray[i-3]);
            }

        }

        String user1=hmun.get("username");
        return user1;

    }
}
Raman B
  • 331
  • 4
  • 5
0

HttpServletRequest.getRemoteUser() might optionally return the login of user making the request (if authenticated), but it is not the username of the user logged in on the remote machine.

There is no way to query the username of the remote machine. Browsers or applications making the requests might send this info voluntarily, but if they don't, you won't find a way to get it. And by default they don't send it so don't count on this.

icza
  • 389,944
  • 63
  • 907
  • 827
-4

This gives you the current logged in Username from your local Windows System System.getProperty("user.name");

romaneso
  • 1,097
  • 1
  • 10
  • 26