Announcement Announcement Module
Collapse
No announcement yet.
authenticate windows username Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • authenticate windows username

    Can anyone advise me how I would go about using Spring / Acegi to authenticate users by taking their Windows username at logon and automatically taking this as the authenticated user ?

    Thanks

    Andy

  • #2
    I use JAAS to resolve login name of the user. There is no need to check password since I assume that user has already provided it. Then you can use the user variable as principal.

    Code:
           String user; //name of the login
           LoginContext loginContext = null;
           loginContext = new LoginContext( "GetLoginNameNT");
           loginContext.login();
           Subject subject = loginContext.getSubject();
    
           // Get the subject principals
           Principal principals[] = subject.getPrincipals().toArray( new Principal[0]);
           for&#40; int i = 0; i < principals.length; i++&#41;
           &#123;
                if&#40; principals&#91;i&#93; instanceof com.sun.security.auth.NTUserPrincipal
                        || principals&#91;i&#93; instanceof com.sun.security.auth.UnixPrincipal&#41;
                &#123;
                    //
                    user = principals&#91;i&#93;.getName&#40;&#41;;
                    break;
                &#125;
           &#125;

    Comment


    • #3
      I've never used JAAS before. Will this work as Java running in an application server, not locally on the machine ?

      A user will be basically accessing my J2EE web application running on an application server (Oracle 10g). I need to know the users windows login username.

      Comment


      • #4
        Maybe http://opensource2.atlassian.com/pro...g/browse/SEC-8 will help.

        Comment


        • #5
          Thanks Ben

          That may be what I'm looking for - I'll give it a try

          Andy

          Comment


          • #6
            I've tried using SEC-8 and almost have it working, however I'm not sure what to use for bean myAuthorizationProvider.

            Can anyone help ?


            Code:
            <bean id="myAuthorizationProvider"
                      class="it.stratosfera.backoffice.security.MyAuthorizationProvider"/>

            Comment


            • #7
              I was able to do this, so for anyone interested my code is below. I created an AuthenticationProvider that takes a list of roles to automatically grant, which are passed in via a property.

              I'd appreciate any comments about if this is the right way to go about this.

              Code:
              package com.cyc.acegisecurity.providers.fixed;
              import java.util.ArrayList;
              import java.util.Iterator;
              import java.util.List;
              import net.sf.acegisecurity.Authentication;
              import net.sf.acegisecurity.GrantedAuthority;
              import net.sf.acegisecurity.GrantedAuthorityImpl;
              import net.sf.acegisecurity.providers.AuthenticationProvider;
              import net.sf.acegisecurity.providers.smb.NtlmAuthenticationToken;
              
              public class FixedAuthenticationProvider implements AuthenticationProvider
              &#123;
                private GrantedAuthority&#91;&#93; grantedAuthorities;
                public void setGrantedAuthorities&#40;List newGrantedAuthorities&#41;
                &#123;
                  // convert the granted authorities list passed in to a GrantedAuthorities&#91;&#93;
                  ArrayList grantedArr = new ArrayList&#40;&#41;;
                  Iterator it = newGrantedAuthorities.iterator&#40;&#41;;
                  while&#40;it.hasNext&#40;&#41;&#41;
                    grantedArr.add&#40;new GrantedAuthorityImpl&#40;&#40;String&#41;it.next&#40;&#41;&#41;&#41;;
                  grantedAuthorities = &#40;GrantedAuthority&#91;&#93;&#41;grantedArr.toArray&#40;new GrantedAuthority&#91;&#93;&#123;&#125;&#41;;
                &#125;
                public Authentication authenticate&#40;Authentication authentication&#41; 
                &#123;
                  NtlmAuthenticationToken token = &#40;NtlmAuthenticationToken&#41; authentication;
                  token.setAuthenticated&#40;true&#41;;
                  token.setAuthorities&#40;grantedAuthorities&#41;;
                  return token;
                &#125;
                
                public boolean supports&#40;Class authentication&#41;
                &#123;
                  return NtlmAuthenticationToken.class.isAssignableFrom&#40; authentication &#41;; 
                &#125;
              &#125;



              Code:
              <!-- Authentication via NTLM -->
              <bean id="smbAuthenticationProvider"
                    class="net.sf.acegisecurity.providers.smb.SmbNtlmAuthenticationProvider">
                <property name="authorizationProvider">
                  <ref bean="authorizationProvider"/>  
                </property> 
              </bean>
              
              <bean id="authorizationProvider"
                    class="com.cyc.acegisecurity.providers.fixed.FixedAuthenticationProvider">
                <property name="grantedAuthorities">
                  <list>
                    <value>ROLE_USER</value>
                  </list>
                </property>
              </bean>

              Comment

              Working...
              X