开发者

Can a Java class impersonate another Windows user?

I've a Java servlet class which is accessing a NetApp folder for files. The class is running on Tomcat 6.0 on Windows 2003 and uses Active Directory authenication (LDAP) to authenticate the webapp users.

Tomcat (and thus also the webapp with the Java servlet classes) itself is running with account xyz, which is a service account. The NetApp folder has various permissions set on some groups.

Right now I check if the webapp user is part of the groups by issuing the A开发者_如何学PythonD query:

"cmd.exe /C dsquery user -samid <username> dsget user -memberof -expand|grep -f <filename containing groups>"

This is a bit tedious and error prone because if somebody adds a new group to the folder in NetApp, the above command will fail unless I update the groups file. So, is there any way to impersonate the accessing userid in Java and get the file directly from netapp and by pass the above AD check?


Have you taken a look at LDAP libraries for Java such as OpenLDAP, LDAPTemplate, ... ? An interesting read to grasp more context on the issue could be the Tips for LDAP users from Sun

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜