如何在java中获取远程用户的用户名 [英] How to get the remote user's username in java

问题描述

我正在处理没有任何登录机制的应用程序，我组织中的任何用户都可以使用它。但我想选择将使用我的工具的远程用户的用户名。我点击了一个按钮，我想获取他们的用户名。

I am working on application which doesn't have any login mechanism, any user in my organization can use that. But I want to pick the username of the remote users who will use my tool. I have a button clicking on that I want to get their usernames.

我试过 request.getRemoteUser got 空。尝试 System.getenv（USERNAME）获取服务器所在的localhost的登录用户。尝试 getHostName ， System.getProperty 获取localhost名称。试过这个 - new com.sun.security.auth.module.NTSystem（）。getName（）但结果相同。

I tried request.getRemoteUser got null. tried System.getenv("USERNAME") getting the logged in user of the localhost where the server resides. Tried getHostName, System.getProperty got the localhost name. Tried this also - new com.sun.security.auth.module.NTSystem().getName() but same result.

我正在使用java6，windows服务器和glassfish3服务器。

I am using java6, windows server and glassfish3 server.

请提出建议，因为我不想使用任何外部链接和工具。

Please suggest something as I don't want to use any external link and tool.

推荐答案

您想要做一些名为SSO（单点登录）的事情：用户登录某处（在您的情况下是他的Windows计算机）和您希望使用此（已完成）登录来验证用户身份。这是一个非常常见的用例，有不同的方法可以做到这一点。但是，最重要的问题始终是如何信任这些第三方系统。这就是麻烦开始的地方。

You want to do something called SSO (Single Sign On): A user is logged in somewhere (in your case his Windows computer) and you want to authenticate the user with this (already done) login. This is a very common use case and there are different ways to do that. However, the big question is always how you can trust those third party system. And this is where the trouble begins.

由于你的问题不是很明确，我假设你有一个在Windows Server和Java客户端上运行的Java Glassfish服务器（因为你问Java代码）。因此，Java服务器必须验证Java客户端的用户是谁。服务器必须信任这些信息。

Since your question is not very clear, I assume you have a Java Glassfish server running on Windows Server and a Java client (because you asked for Java code). So the Java server must authenticate who the user of the Java client is. And the server must trust this information.

使用 System.getProperty（user.name）; 不是一个好主意，因为任何人都可以改变它。您可以使用 java -Duser.name = Joe< your_program> 启动Java程序，就是这样。

Using System.getProperty("user.name"); isn't a good idea since anybody can change it. You can start your Java program with java -Duser.name=Joe <your_program> and that's it.

但是，由于您使用的是Windows，因此可以使用Windows来帮助您。如果您的客户端和服务器位于同一个域中，则它们将针对同一系统进行身份验证。您可以向此系统询问用户身份。通常，公司的机器位于同一个域中。

But since you are on Windows, you could use Windows to help you. If both, your client and server, are in the same domain, they are authenticated against the same system. You can ask this system for the user identity. Typically machines of a company are in the same domain.

为此，有一个名为Waffle的工具。它在同一域中的计算机之间执行安全的Windows身份验证。如果您的客户端和服务器位于同一个域中，则可以轻松地执行SSO（单点登录）。你可以在GitHub上找到它： http://dblock.github.io/waffle/

To do this there is a tool called Waffle. It does a secure Windows authentication between machines in the same domain. If your client and server are in the same domain, it is an easy way to perform an SSO (a single sign on). You can find it on GitHub: http://dblock.github.io/waffle/

这是几个月前我自己的一个问题的一个简单例子（参见这里）：

Here is a simple example from one of my own questions a couple of months ago (see here):

// client credentials handle
IWindowsCredentialsHandle credentials= WindowsCredentialsHandleImpl.getCurrent("Negotiate");
credentials.initialize();

// initial client security context
WindowsSecurityContextImpl clientContext = new WindowsSecurityContextImpl();
clientContext.setPrincipalName(Advapi32Util.getUserName());
clientContext.setCredentialsHandle(credentials.getHandle());
clientContext.setSecurityPackage(securityPackage);
clientContext.initialize();

// accept on the server
WindowsAuthProviderImpl provider = new WindowsAuthProviderImpl();
IWindowsSecurityContext serverContext = null;

do {  

    if (serverContext != null) {

        // initialize on the client
        SecBufferDesc continueToken = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, serverContext.getToken());
        clientContext.initialize(clientContext.getHandle(), continueToken);
    }  

    // accept the token on the server
    serverContext = provider.acceptSecurityToken(clientContext.getToken(), "Negotiate");

} while (clientContext.getContinue() || serverContext.getContinue());

System.out.println(serverContext.getIdentity().getFqn());
for (IWindowsAccount group : serverContext.getIdentity().getGroups())
    System.out.println(" " + group.getFqn());        

您也可以将Waffle用于网站。但是，我没有这样做，也无法解释你在这种情况下该怎么做。

You can use Waffle also for websites. However, I didn't do that and cannot explain you what to do in this case.

还有一个重要的评论：我认为你是有点困惑。如果您在服务器上执行 request.getRemoteHost（），则会尝试获取发送请求的客户端的身份（顺便说一句，它不安全，客户端可以发送任何东西）。但是，如果在服务器上执行 System.getProperty（user.name），则会尝试获取服务器本身的名称。请注意您（在客户端或服务器上）的位置以及您想要的内容。并确保您是否可以信任这些信息。安全性很难。

And one important remark: I think you are a little bit confused. If you do request.getRemoteHost() on your server, you try to get the identity of the client who send the request (by the way, it is not secure, a client could send anything). However, if you do System.getProperty("user.name") on your server, you try to get the name of the server itself. Be aware where you are (on client or server) and what you want. And make sure whether you can trust this information or not. Security is difficult.

这篇关于如何在java中获取远程用户的用户名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！