getting the Active Directory group name for the logged in user

[Sophi Kanzaki]

I'm writing a reports website for my company that shows reports relevant to a user's group. So for example, HR will only see HR-related reports. I'm using the waffle Mixed Authenticator and I've tried out the "role" button but it doesn't get the groups properly. It keeps telling me that I'm not a member of my own group (Administrator), when the Active Directory says I am.

I've seen suggestions to use something like this to properly list the user's AD groups:

IWindowsAuthProvider prov = new WindowsAuthProviderImpl();
IWindowsIdentity identity = prov.logonUser("username", "password"); 
System.out.println("User identity: " + identity.getFqn()); 
for(IWindowsAccount group : identity.getGroups()) { 
    System.out.println(" " + group.getFqn() + " (" + group.getSidString() + ")"); 
} 

Problem is, I need to find out what "password" is. Since j_security_check uses a POST, I thought I could pull it out of the query but request.getQueryString() gives mej_negotiate_check, which really isn't helpful. I can get the name from the HttpServletRequest but not the password.

So my question is, How can I get the user's group properly? Is this a good check? Is there something else?

If this is a good check, how do I retrieve the password without having to rewrite j_security_check?

I've heard something about filters but I'm not exactly sure what they are and how to write them. I can't find any documentation.

Thanks so much.

[Daniel Doubrovkine]

You should enable DEBUG-level logging in Waffle and see what the output is. It will list the groups that the user is a member of when they login.

--
You received this message because you are subscribed to the Google Groups "waffle" group.
To unsubscribe from this group and stop receiving emails from it, send an email to waffle-users...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

--

dB. | Moscow - Geneva - Seattle - New York
dblock.org - @dblockdotorg

[Sophi Kanzaki]

Is there a way to catch the data in code? I want to use group membership as conditionals to show/hide sections of the webpage, depending on the group/department they belong to.

So for example (in pseudocode)

if in HR group,

display all HR group reports

else if in Financial group,

display all Financial group reports

etc

I'm just not sure how to retrieve the group names in code.

[Daniel Doubrovkine]

Yes, these get translated into roles I believe, so check out https://github.com/dblock/waffle/blob/master/Docs/tomcat/TomcatJSPDemo.md for how to do it. Inspect that principal object, there're other methods that have groups and what not, too.

[Sophi Kanzaki]

That is EXACTLY what I need. Thanks so much!