Determining the network user from a Java Websphere app
I've got an internal web application built with Java 1.6 and Websphere. Only users logged into the domain can reach the application. I need to be able to access the username of anyone using the application. We're using Windows domain controllers. I'm fairly new to Java and can't figure out how to get this information. Any help would be appreciated. If you need more information I'll be happy to provide it.
Thanks,
Andrew
Here's the code that eventually worked.
// LdapClient is not a JDK class; its source is not shown on this page.
LdapClient ldapClient = new LdapClient();
Boolean foundUserInAD = Boolean.FALSE;
foundUserInAD = ldapClient.userIsInAD(userName, password);
if (foundUserInAD) {
    // Do stuff.
}
From what I know of J2EE and web apps, you can generally acquire the Principal object and then retrieve the user name from that. Is that what you need?
Here's an example of how you could do this in a servlet inside of the doGet or doPost methods:
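// request is the HttpServletRequest object; retrieve the user from it.
// (requires: import java.security.Principal;)
Principal principal = request.getUserPrincipal();
// getUserPrincipal() returns null when the request is not authenticated,
// so check before getting the name out of it.
String userName = (principal != null) ? principal.getName() : null;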
Getting to a password is much trickier, but if all you need is the username, this should be the name they "logged onto" your WebSphere server with (i.e. whatever ID was passed to it).
Is that what you are looking for?
See: javax.servlet.http.HttpServletRequest.getRemoteUser()
Returns the login of the user making this request, if the user has been authenticated, or null if the user has not been authenticated.
Your question is not really Java but WAS related. Basically, if you want to use the security facilities of WAS for Web Security, all your users must be found in the LDAP that WAS is configured against. If that is not possible for you, please have changes made to the application so that it implements its own custom-made security (authentication & authorization) mechanisms.
It sounds like someone enabled the JavaEE security role for the servlets used by your application and probably also the SPNEGO. That is a pretty nice configuration, but it really doesn't allow anyone who is not found in the default LDAP to access anything.
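The approach in the answers above, put together as an added example (not code from any of the posters): a servlet that reads the container-authenticated login through getUserPrincipal() / getRemoteUser(), fails closed when the request is anonymous, and never asks for or handles a password. The class name `WhoAmIServlet`, the helper names, and the `DOMAIN\user` / `user@REALM` name formats are assumptions; the actual format depends on how the WebSphere user registry and SPNEGO are configured.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet; authentication itself is done by the container (WebSphere),
// so the identity is never taken from a request parameter or header.
public class WhoAmIServlet extends HttpServlet {

    // Returns the container-authenticated login, or null if the request is anonymous.
    static String authenticatedUser(HttpServletRequest request) {
        Principal principal = request.getUserPrincipal();
        String name = (principal != null) ? principal.getName() : request.getRemoteUser();
        return (name == null || name.trim().length() == 0) ? null : name.trim();
    }

    // Assumption: the registry may report "DOMAIN\\user" or "user@REALM".
    // Use the short form for display only; keep the full login for authorization
    // and audit logs so users from different domains are not conflated.
    static String shortName(String login) {
        int slash = login.lastIndexOf('\\');
        if (slash >= 0) {
            login = login.substring(slash + 1);
        }
        int at = login.indexOf('@');
        return (at > 0) ? login.substring(0, at) : login;
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        String login = authenticatedUser(request);
        if (login == null) {
            // No security constraint applied or authentication did not happen: fail closed.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().println("Authenticated as " + shortName(login));
    }
}
```

The servlet only sees a non-null principal when its URL is covered by a security constraint in the deployment descriptor, which is why the null branch returns 401 instead of treating the user as a guest.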