
Active Directory Authentication

In ASP I can easily authenticate the user using the IIS feature. In JSP how is this possible?
2 Solutions
It depends what kind of authentication you want to perform.
If you want form authentication then you will have to write your own form to accept user name and password and then you may authenticate it against a database table maybe....

Once authenticated you can put a switch in session to denote a successful login to the system. Every JSP of yours will check this session value before proceeding....

Another option can be Tomcat realm authentication. It will require you to change server.xml to store valid users and their roles..

your login form will look something like
<title>Login Page for Examples</title>
<body bgcolor="white">
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' >
  <table border="0" cellspacing="5">
    <tr>
      <th align="right">Username:</th>
      <td align="left"><input type="text" name="j_username"></td>
    </tr>
    <tr>
      <th align="right">Password:</th>
      <td align="left"><input type="password" name="j_password"></td>
    </tr>
    <tr>
      <td align="right"><input type="submit" value="Log In"></td>
      <td align="left"><input type="reset"></td>
    </tr>
  </table>
</form>
</body>

and your tomcat-users.xml will look something like
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="admin"/>
  <role rolename="manager"/>
  <role rolename="role1"/>
  <role rolename="tomcat"/>
  <user username="admin" password="point" roles="admin,manager"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
</tomcat-users>

Another authentication will be NT authentication, for which you will have to use JNI features. JAAS is also a very good option.
check out this URL for more information...
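
The session-flag check described in the answer above, written as one servlet filter so no individual JSP can forget it. This is an added example, not code from the thread; the class name `LoginFilter`, the `loggedIn` attribute, the `/login.jsp` and `/login` paths and the `markLoggedIn` helper are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: central check of the session login flag (all names are assumptions).
public class LoginFilter implements Filter {
    static final String LOGIN_FLAG = "loggedIn";    // hypothetical session attribute
    static final String LOGIN_PAGE = "/login.jsp";  // hypothetical login form
    static final String LOGIN_ACTION = "/login";    // hypothetical servlet that checks the password

    public void init(FilterConfig cfg) { }
    public void destroy() { }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // getSession(false): do not create a session for a visitor who has not logged in
        HttpSession session = req.getSession(false);
        boolean loggedIn = session != null
                && Boolean.TRUE.equals(session.getAttribute(LOGIN_FLAG));
        String path = req.getServletPath();
        if (loggedIn || LOGIN_PAGE.equals(path) || LOGIN_ACTION.equals(path)) {
            chain.doFilter(rq, rs);
            return;
        }
        res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
    }

    // Call from the login servlet only after the password check has succeeded.
    static void markLoggedIn(HttpServletRequest req) {
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate();  // discard the pre-login session id (session fixation)
        HttpSession fresh = req.getSession(true);
        fresh.setAttribute(LOGIN_FLAG, Boolean.TRUE);
    }
}
```

Map the filter to `/*` with a `<filter-mapping>` in web.xml so every JSP and servlet passes through the check.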
glottis (Author) Commented:
I'll get back onto this question... checking the URL
more information on J2ee web security:
You can also authenticate against Active Directory using JNDI

You can download, view code samples and the API from java.sun.com

Here is a part of the code that I wrote in my servlet to authenticate the user against active directory.
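   import java.util.Hashtable;
   import javax.naming.Context;
   import javax.naming.NamingException;
   import javax.naming.directory.DirContext;
   import javax.naming.directory.InitialDirContext;

   public boolean validateUser(String username, String password) {
        // An LDAP simple bind with an empty password is an unauthenticated bind,
        // which the directory may accept, so reject empty credentials up front.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }

        DirContext context = null;
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        // JNDI environment keys; the values come from the application's own Config class
        env.put (Context.INITIAL_CONTEXT_FACTORY, (String)Config.getProperty(Config.INITIAL_CONTEXT_FACTORY));
        env.put (Context.PROVIDER_URL, (String)Config.getProperty(Config.PROVIDER_URL));
        env.put (Context.SECURITY_AUTHENTICATION, (String)Config.getProperty(Config.SECURITY_AUTHENTICATION));

        env.put (Context.SECURITY_PRINCIPAL, username);
        env.put (Context.SECURITY_CREDENTIALS, password);

        try {
            context = new InitialDirContext (env);
        } catch (NamingException ne) {
            System.out.println ("Exception: " + ne);
            return false;
        }

        if (context == null) {
            // Invalid user
            return false;
        } else {
            try { context.close(); } catch (NamingException ignored) { }
            return true;
        }
    }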
glottis (Author) Commented:

Will this example work in every scenario?
No matter what application server I'm using... etc...

or does it have some specific requirements which I should meet.
I guess it should as long as JNDI jar is in your classpath. I tried it in tomcat

glottis (Author) Commented:
oh ok thanks a bunch
This solution is fine, but if I am using a popup window for the userid/pwd, (auth-method = BASIC), then how do I capture the password. I understand that the user id can be captured by
getUserPrincipal() or getRemoteUser(). My client does not want a login page. Hence I cannot provide one and filter the password field.
Please help me in this regard.
Thanks in advance!
glottis (Author) Commented:
Am... it would be nice if you would ask a separate question.
