Is there an ntlm_auth function in java

I am running tomcat 6.0.14 and jdk 1.7.0_02 on Slackware32 version 13.37, kernel 2.6.37.6-smp. This host is on a LAN which has a Samba4 Domain Controller / Active Directory.

This host is a webserver running jsp programs and I would like to authenticate web users with AD Authentication. Is there a java function/method to do this? Basically, I'm looking for something like:

boolean AuthenticateMe("user","password");

I've looked at http://docs.oracle.com/javase/7/docs/technotes/guides/net/http-auth.html, which has:
    class MyAuthenticator extends Authenticator {

        public PasswordAuthentication getPasswordAuthentication () {
            return new PasswordAuthentication ("user", "password".toCharArray());
        }
    }


but I'm not making much sense of that. If that's what I should use, perhaps an example would help.

I could do a kludgy solution by having my jsp program create and execute a script containing:
ssh ADhost ntlm_auth --username=user --password=pass


and capture the returned NT_STATUS text. If there is nothing else, I could do that, but I'd rather be more "sophisticated".
jmarkfoleyAsked:
 
jmarkfoleyAuthor Commented:
OK, since we've all lost interest in the java solution on this, I've created a command line kludge that is compact and works. Perhaps I can revisit this some day to figure out why my more orthodox java code won't compile.

What I did was to create a tomcat user on the DC/AD host (same as the user that runs the jsp apps on the web server). Inside the .jsp program I wrote the following to a text file:

ntlm.write("ssh tomcat@mail ntlm_auth --username=\"" + request.getParameter("userId") +
      "\" --password=\"" + request.getParameter("password") + "\" 2>&1 > " + ntlmPath + ".out\n");

I set that to executable and ran it with Runtime.getRuntime().exec(command). Then I collected the results from the .out file to which I had redirected the command output.

This works relatively quickly (no noticeable delay from the user's perspective) and has worked perfectly for many weeks now.

Certainly a kludge, but in the absence of being able to figure out how to compile the wholly java solutions it does the trick.
0
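Added example, not part of the original thread: the command in the post above interpolates the userId and password request parameters into a shell line, stores them in a script file, and exposes them on the remote command line. The sketch below keeps the same ssh-to-the-DC design but uses a constant command and sends the credentials over stdin. It assumes key-based ssh as tomcat@mail (from the post) and that the installed ntlm_auth supports the squid-2.5-basic helper protocol and percent-decodes its input; the class and method names are hypothetical.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;

public class NtlmAuthStdin {   // hypothetical name
    // Constant argv: no request data reaches a shell, a script file or a process list.
    private static final String[] CMD = {
        "ssh", "-o", "BatchMode=yes", "tomcat@mail",
        "ntlm_auth", "--helper-protocol=squid-2.5-basic"   // assumed helper mode
    };

    // Percent-encode every byte except ASCII letters and digits, so spaces and
    // newlines in the input cannot split or add a request line.
    static String encode(String s) throws IOException {
        StringBuilder sb = new StringBuilder();
        for (byte b : s.getBytes("UTF-8")) {
            int c = b & 0xff;
            boolean plain = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z')
                         || (c >= 'a' && c <= 'z');
            sb.append(plain ? String.valueOf((char) c) : String.format("%%%02X", c));
        }
        return sb.toString();
    }

    public static boolean authenticate(String user, String password)
            throws IOException, InterruptedException {
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            return false;                                   // fail closed on empty input
        }
        ProcessBuilder pb = new ProcessBuilder(CMD);
        pb.redirectError(ProcessBuilder.Redirect.INHERIT);  // keep stderr out of the answer
        Process p = pb.start();
        try {
            OutputStream helperIn = p.getOutputStream();
            helperIn.write((encode(user) + " " + encode(password) + "\n").getBytes("US-ASCII"));
            helperIn.close();                               // EOF: helper answers once and exits
            BufferedReader helperOut = new BufferedReader(
                    new InputStreamReader(p.getInputStream(), "US-ASCII"));
            String answer = helperOut.readLine();           // helper prints "OK" or "ERR"
            p.waitFor();
            return "OK".equals(answer);                     // anything else is a denial
        } finally {
            p.destroy();
        }
    }

    public static void main(String[] args) throws Exception {
        // Needs an interactive terminal; System.console() is null otherwise.
        char[] pw = System.console().readPassword("Password for %s: ", args[0]);
        System.out.println(authenticate(args[0], new String(pw)) ? "OK" : "denied");
    }
}
```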
 
ariohCommented:
You can try Jespa or Waffle (if you run on Windows)
0
 
jmarkfoleyAuthor Commented:
Nope, running on Linux.
0
 
Sharon SethCommented:
Most probably, you should do this by utilising LDAP, but not sure how exactly. But then, did you check this:
http://www.javaxt.com/Tutorials/Windows/How_to_Authenticate_Users_with_Active_Directory
0
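Added example, not part of the original thread and not the javaxt code from the link: a minimal `boolean authenticate(user, password)` of the kind the question asks for, done as an LDAP simple bind with the JDK's own JNDI classes. The LDAPS URL and AD domain are placeholder assumptions, the class name is hypothetical, and the DC's certificate is assumed to be trusted by the JVM.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class AdBindCheck {   // hypothetical name
    // Assumed placeholders: set these to your DC and AD DNS domain.
    static final String LDAP_URL  = "ldaps://dc.example.lan:636";
    static final String AD_DOMAIN = "example.lan";

    /** Returns true only if the DC accepts a simple bind as user@AD_DOMAIN. */
    public static boolean authenticate(String user, String password)
            throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind that
        // a directory may accept, so it must never count as a successful login.
        if (user == null || user.trim().isEmpty()
                || password == null || password.isEmpty()) {
            return false;
        }
        // Typed Hashtable: also avoids the "unchecked call to put(K,V)" warning.
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);          // LDAPS: password is not sent in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, user + "@" + AD_DOMAIN);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");  // milliseconds

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);             // the bind happens here
            return true;
        } catch (AuthenticationException e) {
            return false;                                 // bad user or password
        } finally {
            if (ctx != null) {
                ctx.close();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Needs an interactive terminal; System.console() is null otherwise.
        char[] pw = System.console().readPassword("Password for %s: ", args[0]);
        System.out.println(authenticate(args[0], new String(pw)) ? "OK" : "denied");
    }
}
```

Connection and TLS failures surface as other NamingException subclasses, so an unreachable DC is reported as an error rather than as a wrong password.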
 
ariohCommented:
My "if you run on Windows" was for Waffle. Jespa is platform independent and it should work on Linux.
0
 
jmarkfoleyAuthor Commented:
arioh: Sorry, I didn't get that your "Windows" comment applied to Waffle only. I'm downloading Jespa now and will experiment.

Sharon Seth: That link looks interesting and (relatively) compact. All I need is Authentication and Jespa might be overkill -- if I can get it to work. The ActiveDirectory.java source listed on the link site compiled with an odd warning I've not seen before:
$ javac ActiveDirectory.java
Note: ActiveDirectory.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.


Running with the recommended -Xlint:unchecked gives:
ActiveDirectory.java:88: warning: [unchecked] unchecked call to put(K,V) as a member of the raw type Hashtable
        props.put(Context.SECURITY_PRINCIPAL, principalName);
                 ^
  where K,V are type-variables:
    K extends Object declared in class Hashtable
    V extends Object declared in class Hashtable
:


and 3 more similar warnings on the props.put() function ... which is equally unintelligible to me. Also, the compile results in 4 class files:

ActiveDirectory.class
ActiveDirectory$User.class
ActiveDirectory$User$2.class
ActiveDirectory$User$1.class

I've created jarfiles and such, but never really seen this kind of compile results. Suggestion on what to do with them? Put them all into a jarfile?
0
 
jmarkfoleyAuthor Commented:
I'm experimenting with the ActiveDirectory.java code in Sharon Seth's link, but classpaths and jarfiles continuously stump me. I've put the class files shown in my previous post into the directory ActiveDirectory/ and created a jarfile - ActiveDirectory.jar. I could use some java coding help to get this referenced properly:
$ cp ActiveDirectory*.class ActiveDirectory/
$ jar -cvf ActiveDirectory.jar ActiveDirectory

>jar tvf ActiveDirectory.jar
     0 Wed Feb 04 11:56:20 EST 2015 META-INF/
    68 Wed Feb 04 11:56:20 EST 2015 META-INF/MANIFEST.MF
     0 Wed Feb 04 11:55:56 EST 2015 ActiveDirectory/
   520 Wed Feb 04 11:48:52 EST 2015 ActiveDirectory/ActiveDirectory$User$1.class
   705 Wed Feb 04 11:48:52 EST 2015 ActiveDirectory/ActiveDirectory$User$2.class
  4507 Wed Feb 04 11:48:52 EST 2015 ActiveDirectory/ActiveDirectory$User.class
  5347 Wed Feb 04 11:48:52 EST 2015 ActiveDirectory/ActiveDirectory.class


I then created a test program:
import ActiveDirectory.*;

class testActiveDirectory {

public static void main(String[] args)
{
    try{
        LdapContext ctx = ActiveDirectory.getConnection("mark", "glacon_9");
        ctx.close();
    }
    catch(Exception e){
        //Failed to authenticate user!
        e.printStackTrace();
    }
}
}


added the jarfile to my classpath:
export CLASSPATH=$CLASSPATH:$HOME/java/ActiveDirectory.jar


And tried to compile the test program:
javac testActiveDirectory.java
testActiveDirectory.java:9: error: cannot find symbol
        LdapContext ctx = ActiveDirectory.getConnection("mark", "glacon_9");
        ^
  symbol:   class LdapContext
  location: class testActiveDirectory
testActiveDirectory.java:9: error: cannot access ActiveDirectory
        LdapContext ctx = ActiveDirectory.getConnection("bob", "password","domain");
                          ^
  bad class file: /home/mfoley/java/ActiveDirectory.jar(ActiveDirectory/ActiveDirectory.class)
    class file contains wrong class: javaxt.security.ActiveDirectory
    Please remove or make sure it appears in the correct subdirectory of the classpath.
2 errors


So, my first hurdle is lack of expertise in java. Could one of you gurus tell me what I'm doing wrong here?
0
 
ariohCommented:
You have wrong package (jar) structure for ActiveDirectory.jar
$ cp ActiveDirectory*.class javaxt/security/
$ jar -cvf ActiveDirectory.jar javaxt


0
 
jmarkfoleyAuthor Commented:
OK, I see, because of the "package javaxt.security;" in the first line of the ActiveDirectory.java program.

Still errors. Is my import statement wrong? The ActiveDirectory.java program does import javax.naming.ldap.LdapContext in line 12.

program:
import javaxt.security.ActiveDirectory.*;

class testActiveDirectory {

public static void main(String[] args)
{
    try{
        LdapContext ctx = ActiveDirectory.getConnection("mark", "glacon_9");
        ctx.close();
    }
    catch(Exception e){
        //Failed to authenticate user!
        e.printStackTrace();
    }
}
}


errors:
$ javac testActiveDirectory.java
testActiveDirectory.java:9: error: cannot find symbol
        LdapContext ctx = ActiveDirectory.getConnection("mark", "glacon_9");
        ^
  symbol:   class LdapContext
  location: class testActiveDirectory
testActiveDirectory.java:9: error: cannot find symbol
        LdapContext ctx = ActiveDirectory.getConnection("user", "password");
                          ^
  symbol:   variable ActiveDirectory
  location: class testActiveDirectory
2 errors


0
 
jmarkfoleyAuthor Commented:
I figured out a working solution not related to the proposed solutions. I could not get the proposed solutions to work and received no further ideas on how to get them to work.
0
Question has a verified solution.
