Discussions

Web tier: servlets, JSP, Web frameworks: Getting the username from a browser

  1. Getting the username from a browser (5 messages)

    I need to be able to get the username of the person currently logged onto a computer within a LAN. Right now we are using ASP, this presents a number of problems not the least of which being a server running IIS amid a bunch of Linux/Tomcat boxes.

    I prefer JSP/Servlets to ASP.
  2. Web browsers will not automatically report the user's local login id to the server. If they did, it would be a huge security flaw.

    You will need the user to log into the web application manually. Then you can look up their login id via request.getRemoteUser().

    If this is not acceptable, look at getting some kind of single-signon utility for your users. One (complicated) possibility is using digital certificates.
  3. IE does send the username of the person logged in at the moment. It does this using a protocol called NTLM. As of right now, I have been able to get Java to read the information, however, it has to run on a Windows server, otherwise it brings up an authentication window.
  4. If you want to rely on Windows/IE specific protocols, you may be better off sticking with ASP. The applications I write have to support all major browsers, so I am not familiar with NTLM, and can't give you more specific advice.

    The only idea I have left is to write some sort of servlet Filter to intercept the raw HTTP message, determine which HTTP header has the NLTM information, and parse it manually. This assumes that the NTLM information is in an HTTP header, which may not be the case.
  5. We are assuming that everyone uses IE. However, ASP is not our choice for application development - one (of many) reasons being our love of Linux servers.

    I have been able to get it to work, however, on the Tomcat server that I am running it on it always pops up a authentication dialog. Is there a way in Apache or Tomcat to disable the authentication dialog?
  6. I am not familiar with the protocol in question, so I don't know. Sorry I can't be of more help.