How to get more information on the user logged in?

Apr 23, 2012 at 6:05 PM
Edited Apr 23, 2012 at 6:05 PM

I'm looking into using Waffle to create a single-sign-on application for the intranet of the company i work for. I have tried the waffle-negotiate example under Tomcat, and it works. The example shows how to get the user id: request.getUserPrincipal().getName()

Is it possible to query AD for additional attributes? I'm interested in email ("mail") and group membership (of the user currently logged in).



Apr 23, 2012 at 7:09 PM

The group memberships are all there. That request.getUserPrincipal has properties such as getGroups(). 

Other AD attributes aren't available via SSPI, so you have to turn around and query AD via ADSI, which is a pain. 

Apr 23, 2012 at 7:52 PM

That's what i was afraid of. Is there any way around having to "hardcode" an LDAP URL, user id and password for the AD server?

Apr 23, 2012 at 8:07 PM

Yes, read up on ADSI. You need to get a DC, then since you are already logged in as the user, you can enable impersonation in Waffle and just access your AD information without having to do any extra auth. But I've never done this from Java.