Win a copy of Terraform in Action this week in the Cloud forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Al Hobbs
  • salvin francis

Retrive authenticated user attributes from Active Directory using principle obj from request

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,
I want to retrieve the authenticated user attributes from Active directory. I am doing authentication through the j_security_check feature provided in tomcat. The Realm I am using is JNDIRealm. After doing successful authentication on login page the user request forwarded to my servlet(for example "LoginServlet"). In this servlet I required to fetch the other authenticated user attributes(example first name, last name, telephone, email address). Now the challenge comes here that I am restricted to fetch only limited information about the authenticated user; roles etc. But I am unable to fetch the first name, last name also of the authenticated user(by specifying the username as input) from active directory.

I am taking the help of GenericPrinciple.java class provided by the apache. Part of the code written in my LoginServlet.

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
Principal userPrincipal = request.getUserPrincipal();
String roles[] = (String[])(userPrincipal.getClass().getMethod("getRoles", null).invoke(userPrincipal, null));
String userName = request.getUserPrincipal().getName();
GenericPrincipal genericPrincipal = (GenericPrincipal)userPrincipal;
// WHAT ARE THE NEXT STEPS TO FETCH OTHER ATTRIBUTES.
}

If anybody knows please help me out.
Thanks
Arpit
 
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi, i would also love to pull user attributes directly from Active Directory, of course i dont know and i am not bothered. Have you tried use Sun Directory services to synchronise directory data from Active Directory, then use the JNDI API to get all you want except the userPassword attribute, which i am also having problems with and asking for help. cheers.
 
Saloon Keeper
Posts: 24575
168
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
As part of the realm-independent architecture of the J2Ee container security system, the only real identifying information you can get about an authenticated user is the UserName string and User Principal objects. Because you can do things like test an app using a tomcat-users.xml file (MemoryRealm) but deploy on AD, and even switch to JDBC without recoding, there's no API to pull AD stuff in the security subsystem.

On the other hand, if you know the user ID, you usually have what you need to to a JNDI/LDAP search of the AD server directly. A side benefit of this (in exchange for having to configure and code for LDAP) is that even a non-AD-authenticated webapp can still retrieve user info from AD.
 
reply
    Bookmark Topic Watch Topic
  • New Topic