Active Directory Authentication

In ASP I can easily authenticate the user using the IIS feature. In JSP how is this possible ?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

It depends what kind of authentication you want to perform,
If you want form authentication then you will have to write your own form to accpet user name and password and then you may authenticate it against a database table may be....

Once authentiacted you can put a switch in session to denote a successfull login to the system. every jsp of yours will check this session value before proceeding....

Another option can be tomcat realm authentication. It will require you to change server.xml to store valid users and their roles..

your login form will look something like
<title>Login Page for Examples</title>
<body bgcolor="white">
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' >
  <table border="0" cellspacing="5">
      <th align="right">Username:</th>
      <td align="left"><input type="text" name="j_username"></td>
      <th align="right">Password:</th>
      <td align="left"><input type="password" name="j_password"></td>
      <td align="right"><input type="submit" value="Log In"></td>
      <td align="left"><input type="reset"></td>

and your tomcat-users.xml will look something like
<?xml version='1.0' encoding='utf-8'?>
  <role rolename="admin"/>
  <role rolename="manager"/>
  <role rolename="role1"/>
  <role rolename="tomcat"/>
  <user username="admin" password="point" roles="admin,manager"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>

Another authentication will be NT authentication for which you will have to use JNI features JAAS is also a very good option
check out this URL for more information...
glottisAuthor Commented:
ill get back onto this question... checking the URL
more information on J2ee web security:
HTML5 and CSS3 Fundamentals

Build a website from the ground up by first learning the fundamentals of HTML5 and CSS3, the two popular programming languages used to present content online. HTML deals with fonts, colors, graphics, and hyperlinks, while CSS describes how HTML elements are to be displayed.

You can also authenticate against Active Directory using JNDI

You can download, view code samples and the API from

Here is a part of the code that I wrote in my servlet to authenticate the user against active directory.
   public boolean validateUser(String username, String password) {
        DirContext context = null;
        Hashtable env = new Hashtable();
        env.put (initial_context_factory, (String)Config.getProperty(Config.INITIAL_CONTEXT_FACTORY));
        env.put (provider_url, (String)Config.getProperty(Config.PROVIDER_URL));
        env.put (security_authentication, (String)Config.getProperty(Config.SECURITY_AUTHENTICATION));

        env.put (Context.SECURITY_PRINCIPAL, username);
        env.put (Context.SECURITY_CREDENTIALS, password);

        try {
            context = new InitialDirContext (env);
        } catch (NamingException ne) {
            System.out.println ("Exception: " + ne);
            return false;

        if (context == null) {
            // Invalid user
            return false;
        } else {
            return true;


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
glottisAuthor Commented:

Will this example work in every scenario ?
no matter what application server I'm using... etc...

or does it have some specific requirements which I should meet.
I guess it should as long as JNDI jar is in your classpath. I tried it in tomcat

glottisAuthor Commented:
oh ok thanks a bunch
This solution is fine, but if I am using a popup window for the userid/pwd, (auth-method = BASIC), then how do I capture the password. I understand that the user id can be captured by
getUserPrincipal() or getRemoteUser(). My client does not want a login page. Hence I cannot provide one and filter the password field.
Please help me in this regard.
Thanks in advance!
glottisAuthor Commented:
Am... it would be nice if you would as a seperate question.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.