获取连接到Web服务器的客户端的用户名 [英] Get username of client who connected to web server
问题描述
这是场景。我是在AD域中的Web服务器上运行的代码。有些客户与我有联系。如何在不让客户在浏览器中填写表单的情况下获取该客户的用户名?必须在Web服务器端使用Java技术。
Here's the scenario. I am code running on a web server in an AD domain. Some client has connected to me. How do I get that client's username, without having the client fill out a form in their browser? Must use Java technologies on the web server side.
编辑:
我最终使用Spring Security Negotiate按照以下链接进行过滤。有一个教程可用。在servlet中使用 request.getPrincipal()。getName()会给出用户名。
I ended up using the Spring Security Negotiate Filter as described at the below link. There is a tutorial available. Using request.getPrincipal().getName() from within a servlet gives the username.
推荐答案
您需要设置 Spring Security Kerberos扩展 - 这是您在Spring Security 3中执行操作的唯一方法。这支持SPNEGO协商,但需要在服务器上进行一些设置(以及SPNEGO和Kerberos如何工作的知识)。
You need to set up the Spring Security Kerberos extension - this is the only out of the box way to do what you're describing in Spring Security 3. This supports SPNEGO negotiation, but requires some amount of setup on the server (and knowledge of how SPNEGO and Kerberos works).
目前没有太多文档 - 但Mike提供的1.0M2示例应用程序非常棒,涵盖了大多数常见场景,包括自动SPNEGO身份验证。
There's not much documentation - but Mike's sample applications that he ships with 1.0M2 are great, and cover most of the common scenarios, including automated SPNEGO authentication.
SPNEGO的关键是设置自定义 AuthenticationEntryPoint - 你需要使用自定义的spring bean来做这件事如下:
The key thing for SPNEGO is to set up a custom AuthenticationEntryPoint - you'll need to do this with a custom spring bean as follows:
<bean id="kerbEntryPoint" class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />
<bean id="kerbAuthenticationProcessingFilter" class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
...除此之外还需要更多的豆子(再次参考样本w / Kerberos扩展)。如果你进一步使用Spring Security或者如果你想要确切的细节(因为涉及到许多bean / config位,请回复一些知识,例如你是否使用
... there are more beans that'll be required besides these (again, refer to the samples w/the Kerberos extension). Post back if you get further along with Spring Security or if you want exact details (since there are a number of beans / config bits involved, some knowledge of your configuration would be helpful, such as whether you are using the <http> namespace style or not).
除此选项外,您还必须设置类似的SPNEGO身份验证(如你所建议的那样使用WAFFLE) - 其他SO问题很好地说明了这一点。
Other than this option, you would have to set up a similar type of SPNEGO auth (such as using WAFFLE, as you suggest) - other SO questions cover this pretty well.
最后,您可以将Tomcat与另一个支持SPNEGO或NTLM的Web服务器结合使用,例如Microsoft IIS或Apache Web Server mod_spnego 。
Finally, you could possibly front Tomcat with another web server which supports SPNEGO or NTLM better, such as Microsoft IIS or Apache Web Server with mod_spnego.
希望其中一个想法可行为你服务!
Hopefully one of these ideas would work for you!
这篇关于获取连接到Web服务器的客户端的用户名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
