Results 1 to 8 of 8
  1. #1
    thalupularavi is offline Member
    Join Date
    Feb 2010
    Posts
    7
    Rep Power
    0

    Default Detecting system user privileges on XP OS?

    Hi All,

    How to identify logged user is admin or non-admin on XP OS using Java API?

    We are planning to restrict non-admin users to run desktop application(Swing app) on XP.

    Any inputs will be greatly appreciated.

    Thanks,
    Ravi T

  2. #2
    FON
    FON is offline Senior Member
    Join Date
    Dec 2009
    Location
    Belgrade, Serbia
    Posts
    364
    Rep Power
    5

    Default

    This maybe?

    Java Code:
    System.out.println( System.getProperty("user.name") );

  3. #3
    thalupularavi is offline Member
    Join Date
    Feb 2010
    Posts
    7
    Rep Power
    0

    Default

    Thanks FON for your quick reply.

    System.out.println( System.getProperty("user.name") );

    Is displays only username not role. I have to identify that user belongs to Admin group or not.

  4. #4
    FON
    FON is offline Senior Member
    Join Date
    Dec 2009
    Location
    Belgrade, Serbia
    Posts
    364
    Rep Power
    5

    Default

    Ok, this is about using
    Java Authentication and Authorization Service (JAAS)

    Here is some code and links to get you starting
    I hope this will help
    but you have to do further research by yourself ;)

    In rt.jar that comes with your virtual machine
    there is package : "com.sun.security.auth"
    as SUN's impl. of JAAS

    In order for this code sample to run in your IDE
    be sure that u have set classpath right
    (maybe you have to change your system library)


    Java Code:
    com.sun.security.auth.module.NTSystem NTSystem = new com.sun.security.auth.module.NTSystem();
    			
    			System.out.println(NTSystem.getName());
    			System.out.println(NTSystem.getDomain());
    			
    			System.out.println(NTSystem.getDomainSID());
    			
    			System.out.println(NTSystem.getImpersonationToken());
    			System.out.println(NTSystem.getPrimaryGroupID());
    			System.out.println(NTSystem.getUserSID());
    			System.out.println(NTSystem.getGroupIDs());
    Output is:

    Java Code:
    dren
    JAVAMACHINE
    S-1-5-21-299502267-220523388-725345543
    3696
    S-1-5-21-299502267-220523388-725345543-513
    S-1-5-21-299502267-220523388-725345543-1003
    [Ljava.lang.String;@19821f

    Now those S-1-5 are security identifiers
    which maybe could help you resolve issuse like user groups and permissions.

    Here is link for their meaning:

    Well-known security identifiers in Windows operating systems

    I don't know if this is good approach
    but at least it will give you some ideas :)

    cheers!

  5. #5
    thalupularavi is offline Member
    Join Date
    Feb 2010
    Posts
    7
    Rep Power
    0

    Default helpful information

    Hi FON,

    Thanks a lot for the information. It is helpful.

    I have came across another solution is implementing Windows API. But for that we have to use Jnative or JNI API.

    Our current application is already using Jnative API. Looking for an example to implement CheckTokenMembership() using Jnative API.

    I know that this not right forum to post Jnative related questions.

    CheckTokenMembership Function (Windows)

    -Ravi T

  6. #6
    FON
    FON is offline Senior Member
    Join Date
    Dec 2009
    Location
    Belgrade, Serbia
    Posts
    364
    Rep Power
    5

    Default

    Quote Originally Posted by thalupularavi View Post
    Hi FON,


    I know that this not right forum to post Jnative related questions.


    -Ravi T
    Well in this context i believe it is right place.
    Don't hesitate to post your solution at the end of your research
    I'm pretty sure the are people here how would like to know solution
    for this interesting problem.

    A question for you:
    are those SID's in link I posted enough to solve your problem,
    or to be more precise :

    if in my code I check some user's SID and that SID IS NOT type.. :

    SID: S-1-5-21domain-500
    Name: Administrator
    Description: A user account for the system administrator. By default, it is the only user account that is given full control over the system.


    ...is it good enough to restrict this user?

    thanx for your answer in advance!

    good luck!

  7. #7
    thalupularavi is offline Member
    Join Date
    Feb 2010
    Posts
    7
    Rep Power
    0

    Thumbs up It is working fine

    Hi FON,

    Thanks a lot for your support.

    I'm planning to user following SID to detect admin rights. Please see the description, i.e every domain admin group also part of this group. Considering this group for validation.

    I have tested on multiple XP systems. It is as it expected.


    SID: S-1-5-32-544
    Name: Administrators
    Description: A built-in group. After the initial installation of the operating system, the only member of the group is the Administrator account. When a computer joins a domain, the Domain Admins group is added to the Administrators group. When a server becomes a domain controller, the Enterprise Admins group also is added to the Administrators group.


    public static boolean isAdmin()
    {
    com.sun.security.auth.module.NTSystem NTSystem = new com.sun.security.auth.module.NTSystem();
    String groups[] = NTSystem.getGroupIDs();
    for(String group : groups)
    {
    if( group.equals("S-1-5-32-544"))
    return true;
    }
    return false;
    }

  8. #8
    FON
    FON is offline Senior Member
    Join Date
    Dec 2009
    Location
    Belgrade, Serbia
    Posts
    364
    Rep Power
    5

    Default

    Hi thalupularavi,

    you are very welcome,
    I'm so glad you find a solution for your problem.

    A lot of people start some Thread, post their problem, and after some time
    they just leave it like that, so thread stays useless.

    So thank you very much for sharing final solution with us
    that's what forum should be about.

    It takes time and lot of machines to test the solution for this sort of problem, I hope your tests end well and that check of
    SID: S-1-5-32-544 is good enough for this purpose.

    hope to hear more from your in coming days

    cheers :)

Similar Threads

  1. Replies: 1
    Last Post: 08-27-2009, 11:16 AM
  2. detecting location of ipaddress
    By tej in forum Networking
    Replies: 5
    Last Post: 05-08-2009, 02:37 PM
  3. Detecting software installed in PC
    By Lukalo in forum Advanced Java
    Replies: 3
    Last Post: 02-13-2009, 03:04 AM
  4. Detecting user movement of a JFrame
    By dklett in forum AWT / Swing
    Replies: 4
    Last Post: 08-27-2008, 07:01 AM
  5. Detecting Browser Settings
    By arupranjans in forum JavaServer Pages (JSP) and JSTL
    Replies: 0
    Last Post: 07-31-2007, 02:31 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •