  • Status: Solved

Authenticating to sAMAccountName attribute with JSP

Currently I am rolling out an application on WebSphere Application Server 5.0 FP2 running on clustered Windows 2000 Advanced Server.  Our domain users are set up in an Active Directory environment. The application I'm setting up currently authenticates to the CN attribute. The problem is the AD installation stores the username (i.e. jdoe) in an attribute called sAMAccountName and the full name in CN (i.e. John Doe).

Keeping in mind that I'm a beginner with JSP (but not object oriented programming), I need to authenticate to a sAMaccount and pass the CN attribute back to the app so that my users can log in using their network login. One thing to keep in mind is the servlets aren't exposed, so everything I do must be custom and outside the app. I was hoping to get some assistance, maybe some code snippets or examples as to how I would go about doing this.

Thanks in advance.

Matt
0
Asked by: mnye
1 Solution
 
anthony_castillon Commented:
Once the user has been authenticated, have his/her credentials (e.g. username, password) set as session-level attributes.  To do this, you simply do this somewhere in your JSP:

<%
        // ... authentication code ...
        session.setAttribute("username", username);   // username is the value of sAMAccountName as authenticated
%>

Later, you can work with this object elsewhere, maybe in other JSP pages within the same application, by simply "getting" it, as in:

<%
       // ...
       String user = (String) session.getAttribute("username");
       // ...
%>

Hope this helps.
0
 
mnye (Author) Commented:
anthony_castillon,

Thanks for the help, but I think I may have done a bad job explaining.

I need to authenticate via the sAMAccountName attribute of an LDAP account.  Is there a way to explicitly call an LDAP attribute from JSP?

Currently the application authenticates but the user has to put in their full name instead of their username.

thanks,
Matt


0
 
anthony_castillon Commented:
Unfortunately, I have not tried my hands on LDAP, but I've started reading up on it.

What I can say is that you can create a separate Java class to handle connections to the LDAP server, maybe have a method where you can pass the username (do you really need the full name in your JSP? why not the username itself?) to that method.  

Also, you can have some method/s to extract user information that you can use for the rest of the user's session in your web app.  You can have a Java class that simply encapsulates various information that can be extracted from LDAP.  An instance of this class can also be set as a session attribute so you don't have to go back to the LDAP server every time.

Then in your JSP, you can instantiate and work with that class and invoke its methods within a scriptlet. E.g.
  <%
          LDAPConnector conn = new LDAPConnector();
          String cn = conn.getUser(name);        // name may be provided by user in the login page
          // cn is the attribute passed back from the LDAP server.
          // UserInfo encapsulates info stored on the user in the LDAP server;
          // getUserInfo() calls the methods necessary to authenticate and get proper info on user.
          UserInfo info = conn.getUserInfo(cn);
          session.setAttribute("userInfo", info);  // set user information as session object
          // ...
  %>

 Or you can create a custom tag to do the trick.
0

 
anthony_castillon Commented:
As an added suggestion, I think you have to read up on JNDI since it has the info on how to connect to the LDAP servers.
0
 
mnye (Author) Commented:
anthony_castillon,

That is the gist of what I want to do.  Unfortunately I don't know where to start.  I was hoping to get some info on what Java classes to use to connect to LDAP.  Don't suppose you have any info on that?

The application my company purchased was written in was not configured to authenticate to anything except the SN and CN attributes.  Because the networking group here set up the full name in the CN and SN has the email address, I can't currently authenticate to the username as it stands.

thanks,
Matt
0
 
anthony_castillon Commented:
Ok, Matt.  Here's a quick tutorial on JNDI.  It should contain some info on how to connect to LDAP resources.  I have not read it thoroughly but you may find something valuable here.

http://java.sun.com/products/jndi/tutorial/getStarted/index.html
0
 
anthony_castillon Commented:
You may also want to look into the javax.naming and javax.naming.directory packages after you read the JNDI tutorial.
0
 
anthony_castillon Commented:
This is also related to the earlier link I gave.

http://java.sun.com/products/jndi/tutorial/trailmap.html 

By the way, I'm also reading through it now, too.  It's quite interesting.
0
 
mnye (Author) Commented:
I've read through a couple of tutorials (got a WROX JSP book here), but from what I can tell, JNDI is limited in its integration to LDAP.  I think it follows a strict standard of LDAP and AD creates its own attribute sAMAccountName, from what I can tell, that is not available through the JNDI.

I'll let you know if I come across anything more.  Please do the same.

thanks,
matt
0
 
anthony_castillon Commented:
Will do.
0
 
applekanna Commented:
This is not the answer but it might be useful.
It might just give you an idea.
I used this to connect my MySQL db to do Realm based authentication.
http://www.onjava.com/lpt/a/1017

Hope it helps.
Cheers!
0
 
kennethxu Commented:
0
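
An added example, not part of the original thread: a search-then-bind login with the javax.naming.directory classes mentioned above, which looks the user up by sAMAccountName, verifies the password by binding as the entry found, and returns the CN. The class name AdLogin, the URL, the search base and the lookup (service) account are hypothetical placeholders, and a current JDK is assumed.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class AdLogin {
    // Hypothetical values: replace with your own directory URL and search base.
    static final String URL = "ldaps://dc.example.com:636";
    static final String BASE = "DC=example,DC=com";

    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);                 // LDAPS keeps passwords off the wire in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    /** Returns the user's CN if the password is valid, or null if the login fails. */
    static String authenticate(String svcDn, String svcPw, String login, String password) {
        // An empty password would turn the simple bind into an unauthenticated bind that succeeds.
        if (login == null || login.isEmpty() || password == null || password.isEmpty()) return null;
        DirContext svc = null;
        try {
            svc = bind(svcDn, svcPw);                        // low-privilege lookup account
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"cn"});
            // {0} is substituted from the argument array with RFC 2254 escaping, so
            // characters such as * ( ) \ in the login cannot change the filter.
            NamingEnumeration<SearchResult> hits = svc.search(BASE,
                "(&(objectClass=user)(sAMAccountName={0}))", new Object[] {login}, sc);
            if (!hits.hasMore()) return null;                // unknown user
            SearchResult user = hits.next();
            hits.close();
            Attribute cn = user.getAttributes().get("cn");
            bind(user.getNameInNamespace(), password).close(); // throws if the password is wrong
            return cn == null ? null : (String) cn.get();
        } catch (NamingException e) {
            return null;                                     // fail closed on any directory error
        } finally {
            if (svc != null) try { svc.close(); } catch (NamingException ignored) { }
        }
    }
}
```

A servlet or JSP would call `AdLogin.authenticate(...)` with the submitted login and password and store only the returned CN in the session, not the password.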
