I think some app servers (WebLogic, others?) allow you to use Windows network security (domain controller might be the right term?) for web app security. The users will need to login to your app specfically, but you might then be able to get some profile info by calling request.getUserPrincipal() after that.
Basically, you setup the app to use standard container-managed security and then configure a Realm on the app server that contacts the Windows doamin controller for security information. When a user authenticates, the realm creates a Principal object for the user, and the app server makes that object available to the web app via request.getUserPrincipal(). The spec just says it has to be a Principal, but it can be a subclass that contains whatever information the realm implementor/configurator wants it to. I don't know if you can just configure a few things to easily set this up, but this is one way in which the functionality you desire could be acheived within the architectural bounds defined by the servlet spec. The software to do this may or may not exist in as complete a form as described here. You can always write your own Realm to do whatever you want if you find that it hasn't been done to your satisfaction already. It seems like there would be security problems if this was acheived without the app server (or at least your app) being connected to the Windows network security system. I certainly hope my browser is not sending user profile information to any web site/app that asks for it! -Max ----- Original Message ----- From: "Ramu, Manjukumar [PRDUS]" <[EMAIL PROTECTED]> To: "'Struts Users Mailing List'" <[EMAIL PROTECTED]> Sent: Wednesday, January 29, 2003 1:14 PM Subject: Help!! Getting NT User > Hello, > Is there any easy way to get client's NT User from JSP/Servlet > without using JAAS? My requirement: Once the user access the application > URL, I want to get the use profile based on NT User name(Assuming that the > user already authenticated by the NT domain). > > Appreciate your help!! > > Thanks, > Manju > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
