Retrieve current Windows user in Java EE web application for Single Sign On purposes

Submitted by 天涯浪子 on 2019-11-26 08:26:21

Question


I am doing a Java EE web application that requires Single Sign On with Active Directory.

The application will no longer prompt for a username and password. The authentication process would require retrieval of the current Windows logged on user. Once I have the user, I need to query Active Directory to get the roles for that logged on user. I am aware that this will exclude non-Windows users, but this is an internal application and all clients are using Windows.

I have to implement the SSO in 2 Java EE web applications. 1 application is running on GlassFish v2.1.1 (JDK 1.6) and the other is running on Tomcat (JDK 1.5).

Basically my main problem is how to retrieve the current Windows logged on user.

I've already come across JAAS and Kerberos. Kindly correct me if I'm wrong. My understanding is that these are authentication protocols and they do not have the feature to retrieve the current Windows logged on user.

I've already tried the following but I am always getting null or the server's own username.

  1. System.getProperty("user.name");
  2. new com.sun.security.auth.module.NTSystem().getName();
  3. request.getUserPrincipal().getName();
  4. System.getenv("USERNAME");
  5. JCIFS NTLM HTTP Authentication in Tomcat
  6. LoginContext

I am open to any suggestions.


Answer 1:


WAFFLE is a great solution for this. It does not need Kerberos configuration.




Answer 2:


SPNEGO is an open source project that provides a servlet filter that provides Integrated Windows Authentication.

If your organization uses Java-based web/application servers, and you prefer Kerberos/SPNEGO instead of NTLM as the authentication protocol, and you would rather have a Java Servlet Filter (JSR-53) based implementation instead of a container specific authentication module (JSR-196), and you want SSO (no username/password prompt), then this project may be of some interest to you.

It has instructions for configuring both Tomcat and Glassfish.




Answer 3:


This might be helpful:

http://webmoli.com/2009/08/29/single-sign-on-in-java-platform/

http://appliedcrypto.com/




Answer 4:


JCIFS NTLM is no longer supported (though it will work with NTLMv1). In my current project we have used SPNEGO as previously recommended.

Options 1, 2 & 3 will try to get you the server user - you might want to have a think about where this code is running & how it could interact with the client machine (hint - it can't)
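
The Windows identity reaches the server only through the browser: after a 401 with `WWW-Authenticate: Negotiate`, the client sends a token in the `Authorization` header, which is what the filters named in the answers validate. The following is an added example, not part of the original question or answers and not code from WAFFLE or the SPNEGO project; it classifies that token so a deployment can tell a SPNEGO token from an NTLM fallback. The class name, the constructed sample tokens and the use of `java.util.Base64` (Java 8 or later) are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class NegotiateTokenCheck {  // hypothetical class name
    enum Kind { NONE, NTLM, SPNEGO, UNKNOWN }
    // Every NTLM message starts with the ASCII signature "NTLMSSP" plus a NUL byte.
    private static final byte[] NTLMSSP = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);
    // DER encoding of the SPNEGO mechanism OID 1.3.6.1.5.5.2.
    private static final byte[] SPNEGO_OID = {0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02};

    static Kind classify(String authorization) {
        if (authorization == null) return Kind.NONE; // reply 401 + WWW-Authenticate: Negotiate
        String[] parts = authorization.trim().split("\\s+", 2);
        boolean known = parts.length == 2
                && (parts[0].equalsIgnoreCase("Negotiate") || parts[0].equalsIgnoreCase("NTLM"));
        if (!known) return Kind.UNKNOWN;
        byte[] token;
        try {
            token = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return Kind.UNKNOWN; // not valid base64
        }
        if (startsWith(token, 0, NTLMSSP)) return Kind.NTLM;
        // GSS-API initial token: tag 0x60, DER length, then the mechanism OID.
        if (token.length > 2 && token[0] == 0x60) {
            int len = token[1] & 0xff;
            int oidAt = len < 0x80 ? 2 : 2 + (len & 0x7f); // skip long-form length bytes
            if (startsWith(token, oidAt, SPNEGO_OID)) return Kind.SPNEGO; // inner mechanism not parsed
        }
        return Kind.UNKNOWN;
    }

    private static boolean startsWith(byte[] data, int at, byte[] prefix) {
        if (data.length - at < prefix.length) return false;
        for (int i = 0; i < prefix.length; i++) if (data[at + i] != prefix[i]) return false;
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample tokens: only the leading bytes are realistic.
        byte[] ntlm = "NTLMSSP\0\1\0\0\0".getBytes(StandardCharsets.US_ASCII);
        byte[] spnego = {0x60, 0x0a, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02, (byte) 0xa0, 0x00};
        Base64.Encoder b64 = Base64.getEncoder();
        System.out.println(classify(null));
        System.out.println(classify("Negotiate " + b64.encodeToString(ntlm)));
        System.out.println(classify("Negotiate " + b64.encodeToString(spnego)));
    }
}
```

Classifying the header proves nothing about who the user is; the token still has to be validated by the authentication filter before any name taken from it is trusted.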



Source: https://stackoverflow.com/questions/4590227/retrieve-current-windows-user-in-java-ee-web-application-for-single-sign-on-purp
