
Retrieve authenticated user attributes from Active Directory using principal obj from request

Hi All,
I want to retrieve the authenticated user attributes from Active Directory. I am doing authentication through the j_security_check feature provided in Tomcat. The Realm I am using is JNDIRealm. After successful authentication on the login page, the user request is forwarded to my servlet (for example "LoginServlet"). In this servlet I am required to fetch the other authenticated user attributes (for example first name, last name, telephone, email address). Now the challenge is that I am restricted to fetching only limited information about the authenticated user: roles etc. But I am unable to fetch even the first name and last name of the authenticated user (by specifying the username as input) from Active Directory.

I am taking the help of the GenericPrincipal.java class provided by Apache. Part of the code written in my LoginServlet:

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Principal set by Tomcat's JNDIRealm after j_security_check succeeds
    Principal userPrincipal = request.getUserPrincipal();
    String userName = userPrincipal.getName();
    // Tomcat-specific type (org.apache.catalina.realm.GenericPrincipal); after the
    // cast the roles can be read directly, with no reflection on getRoles
    GenericPrincipal genericPrincipal = (GenericPrincipal) userPrincipal;
    String[] roles = genericPrincipal.getRoles();
    // WHAT ARE THE NEXT STEPS TO FETCH OTHER ATTRIBUTES.
}

If anybody knows please help me out.
Thanks
Arpit
Hi, I would also love to pull user attributes directly from Active Directory, of course I don't know and I am not bothered. Have you tried using Sun Directory Services to synchronise directory data from Active Directory, then using the JNDI API to get all you want except the userPassword attribute, which I am also having problems with and asking for help? Cheers.
As part of the realm-independent architecture of the J2EE container security system, the only real identifying information you can get about an authenticated user is the UserName string and User Principal objects. Because you can do things like test an app using a tomcat-users.xml file (MemoryRealm) but deploy on AD, and even switch to JDBC without recoding, there's no API to pull AD stuff in the security subsystem.

On the other hand, if you know the user ID, you usually have what you need to do a JNDI/LDAP search of the AD server directly. A side benefit of this (in exchange for having to configure and code for LDAP) is that even a non-AD-authenticated webapp can still retrieve user info from AD.
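The direct JNDI/LDAP search suggested in the last reply, as an added example that is not code from any poster in this thread. The server URL, base DN, bind DN and the AD_BIND_PASSWORD environment variable are hypothetical placeholders, and it assumes the name Tomcat returns from getUserPrincipal().getName() is the account's sAMAccountName.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class AdUserLookup {
    // Hypothetical placeholders: substitute your own directory's values.
    static final String URL = "ldaps://ad.example.com:636";
    static final String BASE_DN = "OU=Users,DC=example,DC=com";
    static final String BIND_DN = "CN=svc-webapp,OU=Service,DC=example,DC=com";
    static final String[] WANTED = {"givenName", "sn", "telephoneNumber", "mail"};

    /** Look up one account by sAMAccountName; returns only the WANTED attributes. */
    static Map<String, String> lookup(String userName, String bindPassword)
            throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);               // LDAPS so the bind is encrypted
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, BIND_DN);     // read-only service account
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(WANTED);            // request nothing beyond these
            // {0} is filled from filterArgs, which JNDI escapes, so characters such
            // as * ( ) \ in userName cannot change the structure of the filter.
            NamingEnumeration<SearchResult> hits = ctx.search(BASE_DN,
                    "(&(objectCategory=person)(sAMAccountName={0}))",
                    new Object[] {userName}, sc);
            Map<String, String> out = new LinkedHashMap<>();
            if (hits.hasMore()) {
                Attributes attrs = hits.next().getAttributes();
                for (String name : WANTED) {
                    Attribute a = attrs.get(name);
                    if (a != null) out.put(name, String.valueOf(a.get()));
                }
            }
            return out;
        } finally { ctx.close(); }
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 1) { System.err.println("usage: AdUserLookup <sAMAccountName>"); return; }
        // In the servlet, pass request.getUserPrincipal().getName() instead of args[0].
        System.out.println(lookup(args[0], System.getenv("AD_BIND_PASSWORD")));
    }
}
```

An empty map means no matching account was found; attributes the service account is not permitted to read are simply absent from the result.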