brian wrote:
> Hi Jeff,
>
> Craig is probably a better person to answer this, but in case it doesn't attract
> his attention (the volume on this list has drastically increased of late), the way
> I think it works is like this:
>
That's what I get for answering lots of questions :-). I saw it, and try to respond to
the "interesting" questions, but today's been pretty busy .. see below.
>
> JSP is of course server-side only, and is compiled into a servlet and thus is bound
> by all the rules that govern servlets. JSP, once executed, generates plain old
> HTML. Absent some javascript, you can't do anything more on the client side than
> you can with HTML. Even if you could execute a System.getProperty() [and maybe you
> can from a Servlet?], you'll be returning the values of the server machine, not the
> client.
>
> I'm no javascript guru, but perhaps there is a way in javascript to attempt what
> you're trying to do. I still don't think so - if applets aren't allowed access to
> client-side system values, I doubt that javascripts are.
>
> Of course that's just my opinion; I could be wrong...
> -bml
>
> "Bailey, Jeff A" wrote:
>
> > Quick question
> >
> > Has anyone implemented a method to access the username of the person logged
> > into an NT system through a JSP in any way? Specifically the username of
> > the person accessing the jsp through a browser.
> >
> > Sort of like using System.getProperty("user") from a JSP (sorta)
> >
> > I remember reading about some attempts to do this but dont remember the
> > details and it is something that would greatly aid some tasks I am working
> > on. Any third party utilities? etc?
> >
> > Any ideas are greatly appreciated.
> >
> > Thanks,
> >
> > J
The first thing necessary is a clarification -- are we talking about the user's logon
name on the client machine (where the browser is running) or the server machine (where
the servlet is running)?
If it's the client machine, there's nothing you can do with servlets and JSP per se
because they are only on the server side. I also don't think there's a JavaScript
function that lets you ask this question. Of course, I wouldn't trust the answer even
if there was such a function, because the actual client could really be application
program that is masquerading as a user.
On the server machine, you need to remember that executing a JSP page does *not*
require logging in to NT on the server. The servlet engine (or the web server you are
running it under) usually provides some mechanism to define valid users for the web
application that are usually not the same as OS logins. Unless you have configured
your server to know that a particular URL needs authentication, getRemoteUser() is
going to return null.
At first blush, it sounds really tempting to set up your server to use NT's
authentication mechanism to validate usernames and passwords (some servers let you do
this), and therefore let the user use their same username and password. However, if
you're using Basic authentication (the pop-up prompt you see on subscription web
sites), this is a *VERY* bad idea, because your username and password are sent in what
amounts to cleartext across the network with every request. That's not the kind of
thing you want to make known to anyone with a packet sniffer in the right place.
Craig McClanahan
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
