Active Directory Authentication

In ASP I can easily authenticate the user using the IIS feature. In JSP how is this possible ?
LVL 2
glottisAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

KuldeepchaturvediCommented:
It depends what kind of authentication you want to perform,
If you want form authentication then you will have to write your own form to accpet user name and password and then you may authenticate it against a database table may be....

Once authentiacted you can put a switch in session to denote a successfull login to the system. every jsp of yours will check this session value before proceeding....

Another option can be tomcat realm authentication. It will require you to change server.xml to store valid users and their roles..

your login form will look something like
<html>
<head>
<title>Login Page for Examples</title>
<body bgcolor="white">
<form method="POST" action='<%= response.encodeURL("j_security_check") %>' >
  <table border="0" cellspacing="5">
    <tr>
      <th align="right">Username:</th>
      <td align="left"><input type="text" name="j_username"></td>
    </tr>
    <tr>
      <th align="right">Password:</th>
      <td align="left"><input type="password" name="j_password"></td>
    </tr>
    <tr>
      <td align="right"><input type="submit" value="Log In"></td>
      <td align="left"><input type="reset"></td>
    </tr>
  </table>
</form>
</body>
</html>

and your tomcat-users.xml will look something like
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="admin"/>
  <role rolename="manager"/>
  <role rolename="role1"/>
  <role rolename="tomcat"/>
  <user username="admin" password="point" roles="admin,manager"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
</tomcat-users>


Another authentication will be NT authentication for which you will have to use JNI features JAAS is also a very good option
check out this URL for more information...
http://java.sun.com/products/jaas/reference/docs/index.html
0
glottisAuthor Commented:
ill get back onto this question... checking the URL
0
kennethxuCommented:
more information on J2ee web security:
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

PlumppuddingCommented:
You can also authenticate against Active Directory using JNDI

You can download, view code samples and the API from java.sun.com

Here is a part of the code that I wrote in my servlet to authenticate the user against active directory.
   public boolean validateUser(String username, String password) {
        DirContext context = null;
        Hashtable env = new Hashtable();
        env.put (initial_context_factory, (String)Config.getProperty(Config.INITIAL_CONTEXT_FACTORY));
        env.put (provider_url, (String)Config.getProperty(Config.PROVIDER_URL));
        env.put (security_authentication, (String)Config.getProperty(Config.SECURITY_AUTHENTICATION));

        env.put (Context.SECURITY_PRINCIPAL, username);
        env.put (Context.SECURITY_CREDENTIALS, password);

        try {
            context = new InitialDirContext (env);
        } catch (NamingException ne) {
            System.out.println ("Exception: " + ne);
            ne.printStackTrace();
            return false;
        }

        if (context == null) {
            // Invalid user
            return false;
        } else {
            return true;
        }
   }

HTH
Plumppudding
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
glottisAuthor Commented:
Plumppudding,

Will this example work in every scenario ?
no matter what application server I'm using... etc...

or does it have some specific requirements which I should meet.
0
PlumppuddingCommented:
I guess it should as long as JNDI jar is in your classpath. I tried it in tomcat

Plumppudding
0
glottisAuthor Commented:
oh ok thanks a bunch
0
zukeLongCommented:
Hi,
This solution is fine, but if I am using a popup window for the userid/pwd, (auth-method = BASIC), then how do I capture the password. I understand that the user id can be captured by
getUserPrincipal() or getRemoteUser(). My client does not want a login page. Hence I cannot provide one and filter the password field.
Please help me in this regard.
Thanks in advance!
-Zuke
0
glottisAuthor Commented:
Am... it would be nice if you would as a seperate question.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
JSP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.