Solved

Active Directory Authentication

Posted on 2003-12-08
9
2,655 Views
Last Modified: 2012-08-14
In ASP I can easily authenticate the user using the IIS feature. In JSP how is this possible ?
0
Comment
Question by:glottis
9 Comments
 
LVL 19

Assisted Solution

by:Kuldeepchaturvedi
Kuldeepchaturvedi earned 20 total points
ID: 9902428
It depends what kind of authentication you want to perform,
If you want form authentication then you will have to write your own form to accpet user name and password and then you may authenticate it against a database table may be....

Once authentiacted you can put a switch in session to denote a successfull login to the system. every jsp of yours will check this session value before proceeding....

Another option can be tomcat realm authentication. It will require you to change server.xml to store valid users and their roles..

your login form will look something like
<html>
<head>
<title>Login Page for Examples</title>
<body bgcolor="white">
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' >
  <table border="0" cellspacing="5">
    <tr>
      <th align="right">Username:</th>
      <td align="left"><input type="text" name="j_username"></td>
    </tr>
    <tr>
      <th align="right">Password:</th>
      <td align="left"><input type="password" name="j_password"></td>
    </tr>
    <tr>
      <td align="right"><input type="submit" value="Log In"></td>
      <td align="left"><input type="reset"></td>
    </tr>
  </table>
</form>
</body>
</html>

and your tomcat-users.xml will look something like
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="admin"/>
  <role rolename="manager"/>
  <role rolename="role1"/>
  <role rolename="tomcat"/>
  <user username="admin" password="point" roles="admin,manager"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
</tomcat-users>


Another authentication will be NT authentication for which you will have to use JNI features JAAS is also a very good option
check out this URL for more information...
http://java.sun.com/products/jaas/reference/docs/index.html
0
 
LVL 2

Author Comment

by:glottis
ID: 9902496
ill get back onto this question... checking the URL
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9905080
more information on J2ee web security:
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
0
 
LVL 1

Accepted Solution

by:
Plumppudding earned 30 total points
ID: 9905179
You can also authenticate against Active Directory using JNDI

You can download, view code samples and the API from java.sun.com

Here is a part of the code that I wrote in my servlet to authenticate the user against active directory.
   public boolean validateUser(String username, String password) {
        DirContext context = null;
        Hashtable env = new Hashtable();
        env.put (initial_context_factory, (String)Config.getProperty(Config.INITIAL_CONTEXT_FACTORY));
        env.put (provider_url, (String)Config.getProperty(Config.PROVIDER_URL));
        env.put (security_authentication, (String)Config.getProperty(Config.SECURITY_AUTHENTICATION));

        env.put (Context.SECURITY_PRINCIPAL, username);
        env.put (Context.SECURITY_CREDENTIALS, password);

        try {
            context = new InitialDirContext (env);
        } catch (NamingException ne) {
            System.out.println ("Exception: " + ne);
            ne.printStackTrace();
            return false;
        }

        if (context == null) {
            // Invalid user
            return false;
        } else {
            return true;
        }
   }

HTH
Plumppudding
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 2

Author Comment

by:glottis
ID: 9910604
Plumppudding,

Will this example work in every scenario ?
no matter what application server I'm using... etc...

or does it have some specific requirements which I should meet.
0
 
LVL 1

Expert Comment

by:Plumppudding
ID: 9928704
I guess it should as long as JNDI jar is in your classpath. I tried it in tomcat

Plumppudding
0
 
LVL 2

Author Comment

by:glottis
ID: 9935589
oh ok thanks a bunch
0
 

Expert Comment

by:zukeLong
ID: 10156094
Hi,
This solution is fine, but if I am using a popup window for the userid/pwd, (auth-method = BASIC), then how do I capture the password. I understand that the user id can be captured by
getUserPrincipal() or getRemoteUser(). My client does not want a login page. Hence I cannot provide one and filter the password field.
Please help me in this regard.
Thanks in advance!
-Zuke
0
 
LVL 2

Author Comment

by:glottis
ID: 10161405
Am... it would be nice if you would as a seperate question.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
Is your company's data protection keeping pace with virtualization? Here are 7 dynamic ways to adapt to rapid breakthroughs in technology.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now