windows username (difference when run in java and jsp)

[dexter195]

Hi,

Im creating a small internal web application that will detect the user's username automatically to save them having to log in and out and also to restrict other people accessing the application.

when i run the following code in java

System.getProperty("user.name")

it brings up the windows username.
however when i put this on a jsp page it brings up SYSTEM and when i use the code

System.getProperty("user.home")

to bring up their home directory it works in java but in the jsp it brings up one of the administrators accounts which isnt being used. this admin account cannot be removed.

does anybody have any ways around this?

thanks for the help

 

[feherke]

Hi

That will not work that way. I suppose your servlet container is started as a service, that is why you get SYSTEM as user.name. If you start the servlet container from the command window, the returned user.name will be the name of the user who started it.

You did not mentioned your servlet container's name, neither the used/desired authentication method. So no suggestion for now. Give us more details.

Feherke.

http://rootshell.be/~feherke/

 

[dexter195]

thanks feherke,

i wasnt aware of the servlet container had anything to do with authentication. i just used the servlet-api.jar

%CATALINA_HOME%\common\lib\servlet-api.jar;


i have that in my CLASSPATH environmnet variable. i presume that, that's started up with the tomcat service. or is this the servlet container that your talking about?

thanks

 

[Diancecht]

Im creating a small internal web application that will detect the user's username automatically to save them having to log in and out and also to restrict other people accessing the application.

I'm not folowwing you. That property shows the user running the server application in the server machine. I take you want to store the user name of the client machine. Am I wrong?

Cheers,
Dian

 

[dexter195]

thats exactly what i want to do dian. i guess i should have copped that. ill have a look to see if some java script can do the job.

cheers

 

[feherke]

Hi

I take you want to store the user name of the client machine.

thats exactly what i want to do

I hope that will be never possible for a server-side web application to find out the name of the user on client side.

A way could be with some signed Java applet, which with the user's acceptance could have access to local machine's stuffs...

Why not a simple password based authentication ?

Feherke.

http://rootshell.be/~feherke/

 

[Diancecht]

Asumming its an Intranet application and security is not an issue, you could do that using JavaScript. The Javascript forum is plenty of examples with different ways:

http://www.tek-tips.com/viewthread.cfm?qid=993311

After that you can send the username as a parameter and process it server side.

Cheers,
Dian

 

[dexter195]

I can see your point but this is for an internal application within the company so i suppose a signed applet is probably the way to go.

the reason i dont want a password based authentication is becasue i want as little maintance as possible. i dont want to have all the bother with people loosing passwords. if their using their machine then il take it that they're that person. security isnt really an issue but its more that i want to restrict the site to a certain bunch of people. ill give the applets ago and see how i get on.

thanks for advice

 

[Diancecht]

It it's an internal application, the I imagine it will be placed on a trusted server. That means there's no need of signed applets as the server will placed in the trusted sites of the browser.

Cheers,
Dian

 

[dexter195]

Thanks for the help. Im gona have to resort to the usual username and password because after talking to the people who'll be using the site, they'll need to access the information from other peoples workstations so if i go this way they'll have no permissions when they're on other peoples pcs so sorry to have bothered ye.