Can anyone advise me how I would go about using Spring / Acegi to authenticate users by taking their Windows username at logon and automatically taking this as the authenticated user ?
Thanks
Andy
Junior Member
authenticate windows username
Can anyone advise me how I would go about using Spring / Acegi to authenticate users by taking their Windows username at logon and automatically taking this as the authenticated user ?
Thanks
Andy
Junior Member
I use JAAS to resolve login name of the user. There is no need to check password since I assume that user has already provided it. Then you can use the user variable as principal.
Code:String user; //name of the login LoginContext loginContext = null; loginContext = new LoginContext( "GetLoginNameNT"); loginContext.login(); Subject subject = loginContext.getSubject(); // Get the subject principals Principal principals[] = subject.getPrincipals().toArray( new Principal[0]); for( int i = 0; i < principals.length; i++) { if( principals[i] instanceof com.sun.security.auth.NTUserPrincipal || principals[i] instanceof com.sun.security.auth.UnixPrincipal) { // user = principals[i].getName(); break; } }
Junior Member
I've never used JAAS before. Will this work as Java running in an application server, not locally on the machine ?
A user will be basically accessing my J2EE web application running on an application server (Oracle 10g). I need to know the users windows login username.
Senior Member
Spring Team
Junior Member
Thanks Ben
That may be what I'm looking for - I'll give it a try
Andy
Junior Member
I've tried using SEC-8 and almost have it working, however I'm not sure what to use for bean myAuthorizationProvider.
Can anyone help ?
Code:<bean id="myAuthorizationProvider" class="it.stratosfera.backoffice.security.MyAuthorizationProvider"/>
Junior Member
I was able to do this, so for anyone interested my code is below. I created an AuthenticationProvider that takes a list of roles to automatically grant, which are passed in via a property.
I'd appreciate any comments about if this is the right way to go about this.
Code:package com.cyc.acegisecurity.providers.fixed; import java.util.ArrayList; import java.util.Iterator; import java.util.List; import net.sf.acegisecurity.Authentication; import net.sf.acegisecurity.GrantedAuthority; import net.sf.acegisecurity.GrantedAuthorityImpl; import net.sf.acegisecurity.providers.AuthenticationProvider; import net.sf.acegisecurity.providers.smb.NtlmAuthenticationToken; public class FixedAuthenticationProvider implements AuthenticationProvider { private GrantedAuthority[] grantedAuthorities; public void setGrantedAuthorities(List newGrantedAuthorities) { // convert the granted authorities list passed in to a GrantedAuthorities[] ArrayList grantedArr = new ArrayList(); Iterator it = newGrantedAuthorities.iterator(); while(it.hasNext()) grantedArr.add(new GrantedAuthorityImpl((String)it.next())); grantedAuthorities = (GrantedAuthority[])grantedArr.toArray(new GrantedAuthority[]{}); } public Authentication authenticate(Authentication authentication) { NtlmAuthenticationToken token = (NtlmAuthenticationToken) authentication; token.setAuthenticated(true); token.setAuthorities(grantedAuthorities); return token; } public boolean supports(Class authentication) { return NtlmAuthenticationToken.class.isAssignableFrom( authentication ); } }
Code:<!-- Authentication via NTLM --> <bean id="smbAuthenticationProvider" class="net.sf.acegisecurity.providers.smb.SmbNtlmAuthenticationProvider"> <property name="authorizationProvider"> <ref bean="authorizationProvider"/> </property> </bean> <bean id="authorizationProvider" class="com.cyc.acegisecurity.providers.fixed.FixedAuthenticationProvider"> <property name="grantedAuthorities"> <list> <value>ROLE_USER</value> </list> </property> </bean>
Posting Permissions
