Solved

Authenticating to sAMAccountName attribute with JSP

Posted on 2003-12-05
Last Modified: 2012-06-21
Currently I am rolling out an application on WebSphere Application Server 5.0 FP2 running on Clustered Windows 2000 Advanced Server.  Our domain users are set up in an Active Directory environment. The application I'm setting up currently authenticates to the CN attribute. The problem is the AD installation stores the username (i.e. jdoe) in an attribute called sAMAccountName and the Full Name in CN (i.e. John Doe).

Keeping in mind that I'm a beginner with JSP (but not object oriented programming), I need to authenticate to a sAMaccount and pass the CN attribute back to the app so that my users can log in using their Network Login. One thing to keep in mind is the servlets aren't exposed so everything I do must be custom and outside the app. I was hoping to get some assistance, maybe some code snippets or examples as to how I would go about doing this.

Thanks in advance.

Matt
Question by:mnye
12 Comments
 
LVL 2

Accepted Solution

by:
anthony_castillon earned 500 total points
ID: 9884521
Once the user has been authenticated, have his/her credentials (e.g. username, password) set as session-level attributes.  To do this, you simply do this somewhere in your JSP:

<%
        // ... authentication logic elided ...
        session.setAttribute("username", username);   // username is the value of sAMAccountName as authenticated
%>

Later, you can work with this object elsewhere, maybe in other JSP pages within the same application, by simply "getting" it, as in:

<%
        // ...
        String user = (String) session.getAttribute("username");
        // ...
%>

Hope this helps.
0
 
LVL 7

Author Comment

by:mnye
ID: 9884541
anthony_castillon,

Thanks for the help, but I think I may have done a bad job explaining.

I need to authenticate via the sAMAccountName attribute of an LDAP account.  Is there a way to explicitly call an LDAP attribute from JSP?

Currently the application authenticates but the user has to put in their full name instead of their username.

thanks,
Matt


0
 
LVL 2

Expert Comment

by:anthony_castillon
ID: 9884653
Unfortunately, I have not tried my hands on LDAP, but I've started reading up on it.

What I can say is that you can create a separate Java class to handle connections to the LDAP server, maybe have a method where you can pass the username (do you really need the full name in your JSP? why not the username itself?) to that method.  

Also, you can have some method/s to extract user information that you can use for the rest of the user's session in your web app.  You can have a Java class that simply encapsulates various information that can be extracted from LDAP.  An instance of this class can also be set as a session attribute so you don't have to go back to the LDAP server every time.

Then in your JSP, you can instantiate and work with that class and invoke its methods within a scriptlet. E.g.
  <%
          LDAPConnector conn = new LDAPConnector();
          // name may be provided by user in the login page
          String cn = conn.getUser(name);
          // cn is the attribute passed back from the LDAP server.
          // UserInfo encapsulates info stored on the user in the LDAP server;
          // getUserInfo() calls the methods necessary to authenticate and get proper info on user.
          UserInfo info = conn.getUserInfo(cn);
          session.setAttribute("userInfo", info);  // set user information as session object
          // ...
  %>

 Or you can create a custom tag to do the trick.
0
 
LVL 2

Expert Comment

by:anthony_castillon
ID: 9884660
As an added suggestion, I think you have to read up on JNDI since it has the info on how to connect to the LDAP servers.
0
 
LVL 7

Author Comment

by:mnye
ID: 9884694
anthony_castillon,

That is the gist of what I want to do.  Unfortunately I don't know where to start.  I was hoping to get some info on what Java classes to use to connect to LDAP.  Don't suppose you have any info on that?

The application my company purchased was written in was not configured to authenticate to anything except the SN and CN attributes.  Because the networking group here set up the full name in the CN and SN has the email address, I can't currently authenticate to the username as it stands.

thanks,
Matt
0
 
LVL 2

Expert Comment

by:anthony_castillon
ID: 9884860
Ok, Matt.  Here's a quick tutorial on JNDI.  It should contain some info on how to connect to LDAP resources.  I have not read it thoroughly but you may find something valuable here.

http://java.sun.com/products/jndi/tutorial/getStarted/index.html
0
 
LVL 2

Expert Comment

by:anthony_castillon
ID: 9884893
You may also want to look into the javax.naming and javax.naming.directory packages after you read the JNDI tutorial.
0
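Editor's added example (not code from any poster in this thread): a search-then-bind login using the javax.naming and javax.naming.directory packages named above, which looks the user up by sAMAccountName, verifies the password by binding as that user's DN, and returns the CN. The class name follows the LDAPConnector sketch earlier in the thread; the host, search base and lookup account DN are placeholder assumptions, and the lookup account's password is assumed to come from protected configuration.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LDAPConnector {
    // Placeholders (assumptions): replace with your DC, an OU search base and a lookup account.
    private static final String URL = "ldaps://dc.example.com:636";
    private static final String BASE = "OU=Staff,DC=example,DC=com";
    private static final String SVC_DN = "CN=svc-lookup,OU=Service,DC=example,DC=com";

    private static DirContext bind(String dn, String pw) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        return new InitialDirContext(env); // AuthenticationException on bad credentials
    }

    // RFC 4515 escaping so login-form input cannot change the search filter.
    static String escapeFilter(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0') sb.append(String.format("\\%02x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }

    /** Returns the user's CN if login/password are valid, otherwise null. */
    public static String authenticate(String login, String password, String svcPw) throws NamingException {
        // An empty password makes a simple bind "unauthenticated", which the server may accept.
        if (login == null || password == null || password.isEmpty()) return null;
        DirContext svc = bind(SVC_DN, svcPw);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"cn"});
            String filter = "(&(objectClass=user)(sAMAccountName=" + escapeFilter(login) + "))";
            NamingEnumeration<SearchResult> r = svc.search(BASE, filter, sc);
            if (!r.hasMore()) return null;                 // unknown user
            SearchResult user = r.next();
            try { bind(user.getNameInNamespace(), password).close(); } // verify password as the user
            catch (AuthenticationException e) { return null; }
            return (String) user.getAttributes().get("cn").get();
        } finally { svc.close(); }
    }
}
```

The returned CN can then be handed to the application that expects it, while the user types only the network login.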
 
LVL 2

Expert Comment

by:anthony_castillon
ID: 9884920
This is also related to the earlier link I gave.

http://java.sun.com/products/jndi/tutorial/trailmap.html

By the way, I'm also reading through it now, too.  It's quite interesting.
0
 
LVL 7

Author Comment

by:mnye
ID: 9884983
I've read through a couple tutorials (got a WROX JSP book here), but from what I can tell, JNDI is limited in its integration to LDAP.  I think it follows a strict standard of LDAP and AD creates its own attribute sAMAccountName, from what I can tell, that is not available through the JNDI.

I'll let you know if I come across anything more.  Please do the same.

thanks,
matt
0
 
LVL 2

Expert Comment

by:anthony_castillon
ID: 9885010
Will do.
0
 
LVL 3

Expert Comment

by:applekanna
ID: 9885597
This is not the answer but it might be useful
It might just give you an idea.
I used this to connect my MySQL db to do Realm based authentication.
http://www.onjava.com/lpt/a/1017

Hope it helps.
Cheers!
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9886436
0
