
Check for user logged in with Active Directory in Java application

So I have looked around quite a bit to find the answer I'm looking for, especially on this site, without any luck or a way to get exactly what I want for this app.

It's a Java application and I'm trying to interact with Active Directory in Windows Server 2012 R2 so the user won't have to log into this Java application if they have logged into their machine by using Active Directory.

I've heard that there is some kind of token that is in place on the machine if the user logged in with Active Directory and I was hoping I would just be able to check for that token, get the username of the logged in user, and log them into the Java app with that username (disregarding password). I would like to do this without having to authenticate against the AD server as well.

I'm not sure that this would be the most efficient way for management of Active Directory against this Java app, but it's all I need given my situation.

Links are welcome and I'm sorry if this question has been asked before.

EDIT: This is assuming that the only information I have available is the username of the Active Directory user which will match the username in the Java application. I also have server credentials but I am trying to avoid storing the server's password in any form.

Figured it out. Using the System.getenv("USERDNSDOMAIN") gives us the user@domain which is null if the user isn't logged in with Active Directory, which is enough in this case. Then we're using JAAS and a server conf file to get our LoginContext which gets the Subject from the logged-in user.

Hope this helps someone!

For example, here's the code:

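import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import com.sun.security.auth.callback.TextCallbackHandler;

// Returns the logged-in user's Subject if they're authenticated with the LDAP server (Active Directory)
public javax.security.auth.Subject getSubject()
{
    String ldapServer = System.getenv("USERDNSDOMAIN");

    if (ldapServer == null)
    {
      Logger.error("No \"USERDNSDOMAIN\" environment variable found");
      return null;
    }

    // Point JAAS at the configuration file shown below
    System.setProperty("java.security.auth.login.config", "jaas.conf");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "true");
    try
    {
      // "Server" is the name of the entry in jaas.conf
      LoginContext loginCtx = new LoginContext("Server", new TextCallbackHandler());
      loginCtx.login();
      return loginCtx.getSubject();
    }
    catch (LoginException e)
    {
      // No usable Kerberos ticket, or the JAAS configuration could not be loaded
      Logger.error("Kerberos login failed: " + e.getMessage());
      return null;
    }
}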

and the contents of the jaas.conf file:

Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
useTicketCache=true;
};
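Added example, not part of the original answer: the same Krb5LoginModule ticket-cache login built in code, with `doNotPrompt=true` so a missing ticket fails instead of prompting, and with the username taken from the Kerberos principal rather than from an environment variable that any process can set. The class and method names (`TicketCacheIdentity`, `ticketCacheOnly`, `kerberosPrincipalName`) are assumptions for illustration; Java 9 or later is assumed for `Map.of`.

```java
import java.util.Map;
import java.util.Set;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class TicketCacheIdentity {

    // Same module and options as the jaas.conf above, built in code, plus
    // doNotPrompt so a missing ticket fails instead of asking for a password.
    static Configuration ticketCacheOnly() {
        Map<String, String> options = Map.of(
                "useKeyTab", "false",
                "useTicketCache", "true",
                "doNotPrompt", "true");
        AppConfigurationEntry entry = new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                LoginModuleControlFlag.REQUIRED, options);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    // Returns "user@REALM" from the cached ticket, or null when there is none.
    static String kerberosPrincipalName() {
        try {
            LoginContext ctx = new LoginContext("Server", null, null, ticketCacheOnly());
            ctx.login();
            Set<KerberosPrincipal> principals =
                    ctx.getSubject().getPrincipals(KerberosPrincipal.class);
            return principals.isEmpty() ? null : principals.iterator().next().getName();
        } catch (LoginException e) {
            // No usable ticket: treat as "not signed in via Kerberos".
            return null;
        }
    }

    public static void main(String[] args) {
        String envDomain = System.getenv("USERDNSDOMAIN"); // settable by any process
        String principal = kerberosPrincipalName();        // backed by a cached ticket
        System.out.println("USERDNSDOMAIN=" + envDomain + ", principal=" + principal);
    }
}
```

The principal read this way identifies the user only to code running on the same machine. A separate server that needs to trust the identity has to validate a Kerberos service ticket itself (for example via SPNEGO/GSS-API) rather than accept a username sent by the client.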

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

 