If you're looking for the ID that the user logs into his/her own computer with, that's almost impossible. Web applications normally can have clients from anywhere on the Internet and the overwhelming majority of such users do not and never will have a LAN user ID for your LAN.
Furthermore, even if all clients are within your LAN, the normal security mechanisms for Java webapps cannot obtain the LAN ID of the client. You have to explicitly obtain and wire in a Windows LAN authentication provider to the webapp server. And unless IE's defaults have been changed, each client desiring to use their LAN user ID must have a registry switch override to enable that security method for that client machine.
If you do all that, then the request.getRemoteUser() method will return the LAN user ID. If you use another J2EE security system instead then users who have logged into that security system will have their security system userids returned from request.getRemoteUser(). If you don't set up server security or you invent your own login code, then request.getRemoteUser() will always return NULL.
Obtaining the user's IP address for security purposes is almost 100% totally useless, since the incoming return IP address may have no predictable relation to the specific user's IP address. Between NAT and proxying, for many years I had a desktop IP address of 192.168.100.3 but Internet clients saw me - and everyone else on the mousetech.com domain as 220.127.116.11. And even if the 192.168 address had been obtainable, that's not a public IP address, so there are uncounted thousands of other machines in the world who also use that same address on their LANs.
Finally, of course, if you were to actually come up with a way to get a suitable identity in JSP logic, the Bear would growl at you for putting logic on a JSP!
Sometimes the only way things ever got fixed is because people became uncomfortable.