Kevin Mukhar wrote:
>
> Alan Smith wrote:
..snip...
> > The only other unique id I could think of was their email address. The
> > idea being that as the different servlets are invoked I can log who is
> > looking at what. However now I cannot figure out how to get their email
> > address.
>
> Well, then, you're pretty well up a creek. The HTTP protocol, which is the
> general method for communicating with a servlet, does not specify a field for
> the user's email address. There is no way to _automatically_ get it from an
> HttpServletRequest.
>
> Suggestions:
>
> - Tell the PHB's that there's no way to do it, and that if they have a concern
> about who is looking at the data, then they have a bigger problem that they need
> to solve first.
> - Having only a few well known user names and passwords is not a very good
> solution in terms of security. Suck it up and force separate username/passwords
> for every user.
> - The HTPP request DOES include the referrer address. You can use getRemoteHost
> or getRemoteAddr to retrieve that information. Tell the PHB that machine IP
> address is the best that can be done. If there's a problem, you know the IP
> address and can use that (with a little bit of leg work) to find the actual
> machine, and from there, find out who was logged on at the time the request was
> made.
>
I agree with all of the above, however if you are still set on trying to
get
the email address, here are a couple of thoughts:
1) In most cases (and you could probably get this installed as the
standard) the browser passes the email address as the password for
anonymous ftp
so you might be able to get at it that way, but I can't quite see how
(yet).
2) If your user's system is _always_ NT and they run the SNMP deamon,
then you can do an SNMP query to get the 'logged in user' . We have an
snmp bean
for this in our freeware stack (from memory this...)
http://www.westhawk.co.uk/resources/
3) You could write a signed applet to pass you the system.user
property,
but that's not trivial either.
Tim.
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
