How to get the logged user in JAVA with WEBLOGIC?

Question

I found a code, which should reach the logged user:

InitialContext ic = new InitialContext();
SessionContext sessionContext = (SessionContext)ic.lookup("java:comp/EJBContext");
System.out.println("look up injected sctx: " + sessionContext); 
Principal p = sessionContext.getCallerPrincipal();
System.out.println(p.getName());

But it still gives me <anonymus>. Why is that? How could I reach the logged user's name?

Answer 1

Your bean needs to be marked as secured (using any of the spec provided ways for the security related interceptors to play a role).

As a first step, you could do something like:

@Override
@PermitAll
public String whoAmI() {
   return context.getCallerPrincipal().getName();
}

That's just an example where you allow all roles to access that method. The presence of that @PermitAll security annotation will instruct the EJB container to bring into picture the EJB security interceptors. Take a look at this documentation for further details .Giving you jboss example https://docs.jboss.org/author/display/AS72/Securing+EJBs

Answer 2

You can use mbean API also to get it

import javax.naming.*;
import javax.management.MBeanInfo;
import weblogic.jndi.Environment;
import weblogic.management.runtime.ServerRuntimeMBean;
import weblogic.security.providers.authentication.DefaultAuthenticatorMBean;
import weblogic.management.security.authentication.UserReaderMBean;
import weblogic.management.security.authentication.GroupReaderMBean;
import weblogic.management.MBeanHome;
import weblogic.management.WebLogicMBean;
import weblogic.management.tools.Info;
import weblogic.management.Helper;
import weblogic.management.security.authentication.*;

public class ListUsersAndGroups
{
public static void main(String[] args)
{

MBeanHome home = null;
try
{

Environment env = new Environment();
env.setProviderUrl(“t3://localhost:7001?);
env.setSecurityPrincipal(“weblogic”);
env.setSecurityCredentials(“weblogic”);
Context ctx = env.getInitialContext();

home = (MBeanHome)ctx.lookup(“weblogic.management.adminhome”);

weblogic.management.security.RealmMBean rmBean = home.getActiveDomain().getSecurityConfiguration().getDefaultRealm();

AuthenticationProviderMBean[] authenticationBeans = rmBean.getAuthenticationProviders();
DefaultAuthenticatorMBean defaultAuthenticationMBean = (DefaultAuthenticatorMBean)authenticationBeans[0];
UserReaderMBean userReaderMBean = (UserReaderMBean)defaultAuthenticationMBean;
GroupReaderMBean groupReaderMBean = (GroupReaderMBean)defaultAuthenticationMBean;

String userCurName = userReaderMBean.listUsers(“*”, 100);

while (userReaderMBean.haveCurrent(userCurName) )
{
String user = userReaderMBean.getCurrentName(userCurName);
System.out.println(“\n User: ” + user);
userReaderMBean.advance(userCurName);
}

String cursorName = groupReaderMBean.listGroups(“*”, 100);
while (groupReaderMBean.haveCurrent(cursorName) )
{

String group = groupReaderMBean.getCurrentName(cursorName);
System.out.println(“\n Group: ” + group);
groupReaderMBean.advance(cursorName);
}

}
catch (Exception e)
{
e.printStackTrace();
}
}
}

Answer 3

You can try this.

Subject subject = Subject.getSubject(AccessController.getContext());
Set<java.security.Principal> principals = s.getPrincipals();
for (java.security.Principal principal : principals) {
  if (principal.getClass() == WLSUserImpl.class) {
    return principal.getName();
  }
}

Where WLSUserImpl is coming from package weblogic.security.principal.This is only workable for weblogic.