Authenticating to sAMAccountName attribute with JSP

Currently I am rolling out an application on WebSphere Application Server 5.0 FP2 running on Clustered Windows 2000 Advanced Server.  Our domain users are set up in an Active Directory evironment. The application im setting up currently authenticates to the CN attribute. the problem is the AD installation stores the username (ie. jdoe) in an attribute called sAMAccountName and the Full Name in CN (ie. John Doe).

Keeping in mind that Im a begginer with JSP (but noit object oriented programming), I need to authenticate to a sAMaccount and pass the CN attribute back to the app so that my users can log in using thier Network Login. Once thing to keep in mind is the servlets arent exposed so everything I do must be custom and outside the app. I was hoping to get some assistance, maybe some code snipettes or examples as to how I would go about doing this.

Thanks in advance.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Once the user has been authenticated, have his/her credentials (e.g. username, password) set as session-level attributes.  To do this, you simply do this somewhere in your JSP:

<%   .....
        session.setAttribute ("username", username);   // username as the value of sAMAccountName as authenticated


Later, you can work with this object elsewhere, maybe in other JSP pages within the same application, by simply "getting" it, as in:

<%  ....
       String user = (String) session.getAttribute("username");

Hope this helps.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mnyeAuthor Commented:

thanks for the help, but i think i may have done a bad job explaining.

i need to authenticate via the sAMAccountName attribute of an LDAP account.  Is there a way to explicitly call an LDAP attribute from JSP?

Currently the applicaition authenticates but the user has to put in thier full name instead of thier username.


Unfortunately, I have not tried my hands on LDAP, but I've started reading up on it.

What I can say is that you can create a separate Java class to handle connections to the LDAP server, maybe have a method where you can pass the username (do you really need the full name in your JSP? why not the username itself?) to that method.  

Also, you can have some method/s to extract user information that you can use for rest of the user's session in your web app.  You can have a Java class that simply encapsulates various information that can be extracted from LDAP.  An instance of this class can also be set as a session attribute so you don't have to go back to the LDAP server everytime.

Then in your JSP, you can instantiate and work with that class and invoke its within a scriptlet. E.g.
          LDAPConnector conn = new LDAPConnector();
          String cn = conn.getUser (name);  //  name may be provided by user in the login page
          UserInfo info = conn.getUserInfo(cn);  //  cn is the attribute passed back from the LDAP server
                                                                  //  UserInfo encapsulates info stored on the user in the LDAP server
                                                                  // getUserInfo() calls the methods necessary to authenticate and get proper info on user
          session.setAttribute ("userInfo", info);  // set user information as session object

 Or you can create a custom tag to do the trick.
Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

As an added suggestion, I think you have to read up on JNDI since it has the info on how to connect to the LDAP servers.
mnyeAuthor Commented:

that is the jist of what i want to do.  unfortunatly i dont know where to start.  i was hoping to get some info on what java classes to use to connect to LDAP.  dont suppose you have any info on that?

The application my company purchased was written in was not configured to authenticate to anything except the SN and CN attributes.  Because the networking group here set up the full name in the CN and SN has the email address, I cant currently authenticate to the username as it stand.

Ok, Matt.  Here's a quick tutorial on JNDI.  It should contain some info on how to connect to LDAP resources.  I have not read it thoroughly but you may find something valuable here.
You may also want to look into the javax.naming and packages after you read the JNDI tutorial.
This is also related to the earlier link I gave. 

By the way, I'm also reading through it now, too.  It's quite interesting.
mnyeAuthor Commented:
Ive read through a couple tutorials (got a WROX JSP book here), but from what I can tell, JNDI is limited in its integration to LDAP.  I think it follows a strick standard of LDAP and AD creates its own attribute sAMAccountName, from what I can tell, that is not availiable through the JNDI.

Ill let you now if I come across anything more.  please do the same.

Will do.
This is not the answer but it might be useful
It might just give you an idea.
I used this to connect my MySQL db to do Realm based authntication.

Hope it helps.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.