Solved

Authenticating to sAMAccountName attribute with JSP

Posted on 2003-12-05
Last Modified: 2012-06-21
Currently I am rolling out an application on WebSphere Application Server 5.0 FP2 running on Clustered Windows 2000 Advanced Server.  Our domain users are set up in an Active Directory environment. The application I'm setting up currently authenticates to the CN attribute. The problem is the AD installation stores the username (i.e. jdoe) in an attribute called sAMAccountName and the Full Name in CN (i.e. John Doe).

Keeping in mind that I'm a beginner with JSP (but not object oriented programming), I need to authenticate to a sAMAccountName and pass the CN attribute back to the app so that my users can log in using their Network Login. One thing to keep in mind is the servlets aren't exposed so everything I do must be custom and outside the app. I was hoping to get some assistance, maybe some code snippets or examples as to how I would go about doing this.

Thanks in advance.

Matt
Question by:mnye
12 Comments
 
LVL 2

Accepted Solution

by:
anthony_castillon earned 500 total points
ID: 9884521
Once the user has been authenticated, have his/her credentials (e.g. username, password) set as session-level attributes.  To do this, you simply do this somewhere in your JSP:

<%
    // ...
    session.setAttribute("username", username);  // username is the value of sAMAccountName as authenticated
%>

Later, you can work with this object elsewhere, maybe in other JSP pages within the same application, by simply "getting" it, as in:

<%
    // ...
    String user = (String) session.getAttribute("username");
    // ...
%>

Hope this helps.
0
 
LVL 7

Author Comment

by:mnye
ID: 9884541
anthony_castillon,

Thanks for the help, but I think I may have done a bad job explaining.

I need to authenticate via the sAMAccountName attribute of an LDAP account.  Is there a way to explicitly call an LDAP attribute from JSP?

Currently the application authenticates but the user has to put in their full name instead of their username.

thanks,
Matt


0
 
LVL 2

Expert Comment

by:anthony_castillon
ID: 9884653
Unfortunately, I have not tried my hands on LDAP, but I've started reading up on it.

What I can say is that you can create a separate Java class to handle connections to the LDAP server, maybe have a method where you can pass the username (do you really need the full name in your JSP? why not the username itself?) to that method.  

Also, you can have some method/s to extract user information that you can use for rest of the user's session in your web app.  You can have a Java class that simply encapsulates various information that can be extracted from LDAP.  An instance of this class can also be set as a session attribute so you don't have to go back to the LDAP server every time.

Then in your JSP, you can instantiate and work with that class and invoke its within a scriptlet. E.g.
<%
    LDAPConnector conn = new LDAPConnector();
    String cn = conn.getUser(name);          // name may be provided by user in the login page
    // cn is the attribute passed back from the LDAP server.
    // UserInfo encapsulates info stored on the user in the LDAP server.
    // getUserInfo() calls the methods necessary to authenticate and get proper info on user.
    UserInfo info = conn.getUserInfo(cn);
    session.setAttribute("userInfo", info);  // set user information as session object
    // ...
%>

 Or you can create a custom tag to do the trick.
0
 
LVL 2

Expert Comment

by:anthony_castillon
ID: 9884660
As an added suggestion, I think you have to read up on JNDI since it has the info on how to connect to the LDAP servers.
0
 
LVL 7

Author Comment

by:mnye
ID: 9884694
anthony_castillon,

That is the gist of what I want to do.  Unfortunately I don't know where to start.  I was hoping to get some info on what Java classes to use to connect to LDAP.  Don't suppose you have any info on that?

The application my company purchased was written in was not configured to authenticate to anything except the SN and CN attributes.  Because the networking group here set up the full name in the CN and SN has the email address, I can't currently authenticate to the username as it stands.

thanks,
Matt
0
 
LVL 2

Expert Comment

by:anthony_castillon
ID: 9884860
Ok, Matt.  Here's a quick tutorial on JNDI.  It should contain some info on how to connect to LDAP resources.  I have not read it thoroughly but you may find something valuable here.

http://java.sun.com/products/jndi/tutorial/getStarted/index.html
0
 
LVL 2

Expert Comment

by:anthony_castillon
ID: 9884893
You may also want to look into the javax.naming and javax.naming.directory packages after you read the JNDI tutorial.
0
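
The search-then-bind pattern built on the javax.naming and javax.naming.directory packages named above, as an added example that is not part of the original thread: a JNDI search filter can name any attribute the directory exposes, so this looks the account up by sAMAccountName, checks the password by binding as the entry found, and returns the CN. The class name AdLogin, the URL, the base DN, the service account DN and the LDAP_SVC_PW variable are assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class AdLogin {
    // Assumed placeholders: directory URL, search base, read-only service account DN.
    static final String URL = "ldaps://dc.example.com:636";
    static final String BASE = "OU=Staff,DC=example,DC=com";
    static final String SVC_DN = "CN=svc-ldap,OU=Service,DC=example,DC=com";

    // Connects and performs an LDAP simple bind as the given DN.
    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    // Returns the user's CN when login and password are valid, otherwise null.
    static String authenticate(String svcPw, String login, String password) throws NamingException {
        // A simple bind with an empty password is treated as anonymous and can succeed.
        if (login == null || password == null || password.isEmpty()) return null;
        DirContext svc = bind(SVC_DN, svcPw);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"cn"});
            // JNDI escapes filter metacharacters in the {0} argument, so "*" stays a literal.
            NamingEnumeration<SearchResult> hits = svc.search(BASE,
                "(&(objectClass=user)(sAMAccountName={0}))", new Object[] {login}, sc);
            if (!hits.hasMore()) return null;                       // unknown login
            SearchResult user = hits.next();
            try {
                bind(user.getNameInNamespace(), password).close(); // password check
            } catch (AuthenticationException e) {
                return null;                                        // wrong password
            }
            return (String) user.getAttributes().get("cn").get();
        } finally { svc.close(); }
    }

    public static void main(String[] a) throws NamingException {
        // LDAP_SVC_PW is a hypothetical environment variable holding the service password.
        char[] pw = System.console().readPassword("Password for %s: ", a[0]);
        String cn = authenticate(System.getenv("LDAP_SVC_PW"), a[0], new String(pw));
        System.out.println(cn == null ? "login rejected" : "authenticated as " + cn);
    }
}
```

From a JSP or servlet, call `AdLogin.authenticate(...)` with the submitted login and password and keep only the returned CN in the session.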
 
LVL 2

Expert Comment

by:anthony_castillon
ID: 9884920
This is also related to the earlier link I gave.

http://java.sun.com/products/jndi/tutorial/trailmap.html 

By the way, I'm also reading through it now, too.  It's quite interesting.
0
 
LVL 7

Author Comment

by:mnye
ID: 9884983
I've read through a couple tutorials (got a WROX JSP book here), but from what I can tell, JNDI is limited in its integration to LDAP.  I think it follows a strict standard of LDAP and AD creates its own attribute sAMAccountName, from what I can tell, that is not available through the JNDI.

I'll let you know if I come across anything more.  Please do the same.

thanks,
matt
0
 
LVL 2

Expert Comment

by:anthony_castillon
ID: 9885010
Will do.
0
 
LVL 3

Expert Comment

by:applekanna
ID: 9885597
This is not the answer but it might be useful
It might just give you an idea.
I used this to connect my MySQL db to do Realm based authentication.
http://www.onjava.com/lpt/a/1017

Hope it helps.
Cheers!
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9886436
0
