windows域中的用户名
我正在开发一个使用 Jespa 进行透明 SSO 的应用程序。我正在使用 NtlmSecurityProvider。在我的代码中,当我得到的用户名看起来像这样:“DOMAINNAME\username”
例如
<% out.println(request.getRemoteUser()); %>
打印:MYDOMAIN\myusername
这是我的问题:
它总是看起来像这样,带有域名和用户名?或者这只是我们域中用户帐户的设置方式?例如,如果我切换到不同的 Windows 域,我是否可能只获得没有域和反斜杠的用户名?
谢谢!
I'm working on a app that uses Jespa to do transparent SSO. I'm using the NtlmSecurityProvider. In my code, when I get the username looks like this: "DOMAINNAME\username"
e.g.
<% out.println(request.getRemoteUser()); %>
prints this: MYDOMAIN\myusername
Here's my question:
Will it always look like that, with the domain name and the username? or is it just the way our user accounts in our domain are set up? Like, if I switched to a different windows domain, could I potentially get just the username without the domain and the backslash?
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我在 serverfault.com 上问过这个问题。我从斯奎尔曼那里得到了一个非常好的答案。 (谢谢!)这里是:
“这可能更多地是 Jespa 人员的支持问题。输出依赖于他们的 API 的行为。
不过,一般来说,Windows 的最佳实践是始终使用 DOMAIN\username 格式或 username@domain 格式。
如果您担心格式更改,那么我建议您编写一个类/方法/实用程序,它知道如何解析 getRemoteUser() 的结果,并在您认为必要时将部分返回到您的应用程序。那么如果它真的改变了您只需更改一段代码即可修复您的应用程序。”
我编写了一个方法来解析 getRemoteUser() 的结果,就像他建议的那样,到目前为止效果很好。
I asked this question over on serverfault.com. I got a really good answer from Squillman. (Thank you!) Here it is:
"This is probably more a support question for the Jespa folks. The output is reliant on the behavior of their API.
In general, though, best practice for Windows is to always use DOMAIN\username format or username@domain format.
If you're worried about the format changing then I would suggest you write a class / method / utility that knows how to parse the results of getRemoteUser() and returns the parts to your app as you deem necessary. Then if it ever does change you only have to change on piece of code to fix your app."
I wrote a method to parse the results of getRemoteUser() like he suggested and it's working well so far.
这是高度可配置的。请参阅《Jespa 操作员手册》中 NtlmSecurityProvider 属性部分中的 account.canonicalForm 属性。您可以将用户名设置为 BUSICORP\sbackus 或 [email protected] 或只是sbackus 或浏览器提供的任何内容(无规范化)。
例如,如果您希望 getRemoteUser 仅返回用户名而不返回域,请在 HttpSecurityService 属性文件中设置 jespa.account.canonicalForm = 2。但在多域环境中,使用合格的帐户名可能相当重要!
This is highly configurable. See the account.canonicalForm property in The NtlmSecurityProvider Properties section in the Jespa Operator's Manual. You can make the username like BUSICORP\sbackus or [email protected] or just sbackus or whatever the browser supplied (no canonicalization).
For example, if you want getRemoteUser to return only the username and not the domain set jespa.account.canonicalForm = 2 in the HttpSecurityService properties file. But in a multi-domain environment it might be rather important to use a qualified account name!