鉴于Java Servlet(在Windows服务器上运行)通过ProcessBuilder创建一个新进程,我有什么选择让新进程作为调用servlet原始Web请求的用户运行?
Given a Java Servlet (running on a Windows server) which creates a new process via ProcessBuilder, what are my options for having that new process run as the user who invoked the original web request to the servlet?
To clarify, what I want is that something like
ProcessBuilder pb = new ProcessBuilder("whoami");
Process p = pb.start();
// p.getOutputStream() should contain the name of the remote user,
// not the user running the app server
And the real goal is to perform some security checks (say, to see if the user if able to open a file, or view such-and-such record in an internal enterprise system).
显然,用户需要通过应用程序服务器或java代码以某种方式进行身份验证 - 理想情况下我希望以某种方式进行身份验证单点登录(即没有用户输入密码),如果解决方案仅适用于已经登录到域的Windows客户端(如果不是限制,则更好)。我目前正在使用Jetty作为应用服务器,但如果有必要,切换到其他东西肯定是一个可行的选择。
Clearly the user will need to be authenticated somehow, either by the app server or the java code - Ideally I'd like that to be in some way that works with single sign on (i.e. without the user entering a password), and it's fine if the solution works only from Windows clients who are already logged onto a domain (though even better if that's not a restriction). I'm currently using Jetty as the app server, but switching to something else would certainly be a viable option if necessary.
(If it helps to clarify, I'm basically looking to replace a CGI script which currently uses IIS's impersonation features to run in the context of the user making the request)
Project Waffle will get you (almost) there. It has SSO and impersonation implemented.
这篇关于从Java Servlet模拟用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!