
Authenticating users using an existing LDAP server in a Java web application

I'm working on a Java web application for which login should be authenticated using an existing LDAP server. I do not need information about the user to be taken from the server. I only need to check whether the username and password exist in LDAP. I use the Tomcat server for the web application.

This is something I found searching the internet which should be included in the server.xml file, with the relevant parameters, in the Tomcat server. I did everything said in this particular guide.

Source: http://ldapwiki.willeke.com/wiki/Tomcat%20And%20LDAP

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="10"
       connectionURL="ldaps://192.168.0.8:636"
       alternateURL="ldap://192.168.0.7:636"
       userBase="ou=people,dc=willeke,dc=com"
       userSearch="(cn={0})"
       userSubtree="true"
       userRoleName="dictcrole"
       connectionName="cn=admin,ou=...,dc=willeke,dc=com"
       connectionPassword="removed"
/>

I don't have much understanding of XML and servers. Can someone guide me to do this with a servlet?

There are several libraries.

Import one; in NetBeans, like this: How to use .jar files in NetBeans?

You can use the UnboundID SDK.

Imports:

import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchScope;

You open a connection:

  LDAPConnection ldap = new LDAPConnection("ldap.example.com", 389);

You search for your username:

    // Filter.createEqualityFilter escapes the username, so filter metacharacters
    // such as '*', '(' and ')' cannot be injected into the search filter
    SearchResult sr = ldap.search("dc=People,dc=example,dc=com", SearchScope.SUB,
            Filter.createEqualityFilter("uid", username));
    if (sr.getEntryCount() != 1)
        System.out.println("KO"); // unknown user, or the search matched more than one entry

You get the distinguished name:

    String dn = sr.getSearchEntries().get(0).getDN();

Then, for the password, one solution is to connect (bind) as that user:

    ldap.close(); // release the search connection instead of leaking it
    ldap = new LDAPConnection("ldap.example.com", 389, dn, password); // binds as the user; throws LDAPException if the password is wrong

There is also javax.naming.

See this: https://www.ldap.com/unboundid-ldap-sdk-for-java

https://code.google.com/p/ldap-sample-code/source/browse/trunk/src/main/java/samplecode/bind/SimpleBindExample.java

Also this: How do a LDAP search/authenticate against this LDAP in Java
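The search-then-bind flow from the answer above, written out as one runnable class. This is an added example, not code from the answer or from the UnboundID project; it assumes the unboundid-ldapsdk jar on the classpath, an assumed user subtree ou=People,dc=example,dc=com, and a constructed test user (alice / correct-horse) loaded into the SDK's own InMemoryDirectoryServer, so it runs without a real directory. It escapes the username with Filter.createEqualityFilter, requires exactly one match, refuses an empty password (which would otherwise be an unauthenticated bind), and treats every non-success bind result as a failed login.

```java
import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.listener.InMemoryListenerConfig;
import com.unboundid.ldap.sdk.BindResult;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.ldap.sdk.SimpleBindRequest;

public class LdapPasswordCheck {

    /** Assumed layout of the directory; adjust to the real user subtree. */
    static final String USER_BASE = "ou=People,dc=example,dc=com";

    /**
     * Returns true only if exactly one entry under USER_BASE has the given uid
     * and a simple bind as that entry with the given password succeeds.
     */
    static boolean authenticate(String host, int port, String username, String password) {
        // An empty password turns a simple bind into an unauthenticated bind
        // (RFC 4513 section 5.1.2), which many servers accept as "success".
        // Reject it here instead of relying on the server or the SDK default.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        // Step 1: find the user's DN. createEqualityFilter escapes '*', '(', ')',
        // '\' and NUL in the value, so the username cannot alter the filter.
        Filter filter = Filter.createEqualityFilter("uid", username);
        String dn;
        try (LDAPConnection search = new LDAPConnection(host, port)) {
            // "1.1" requests no attributes: only the DN is needed
            SearchResult sr = search.search(USER_BASE, SearchScope.SUB, filter, "1.1");
            if (sr.getEntryCount() != 1) {
                return false; // unknown user, or an ambiguous match
            }
            dn = sr.getSearchEntries().get(0).getDN();
        } catch (LDAPException e) {
            return false; // directory errors count as authentication failure
        }
        // Step 2: prove the password by binding as that DN on a fresh connection.
        try (LDAPConnection bind = new LDAPConnection(host, port)) {
            BindResult result = bind.bind(new SimpleBindRequest(dn, password));
            return result.getResultCode() == ResultCode.SUCCESS;
        } catch (LDAPException e) {
            // invalidCredentials (49) and any other non-success result land here
            return false;
        }
    }

    /** Starts an in-memory directory holding one constructed test user. */
    static InMemoryDirectoryServer startTestDirectory() throws LDAPException {
        InMemoryDirectoryServerConfig config =
                new InMemoryDirectoryServerConfig("dc=example,dc=com");
        // port 0: let the listener pick a free port
        config.setListenerConfigs(InMemoryListenerConfig.createLDAPConfig("test", 0));
        InMemoryDirectoryServer ds = new InMemoryDirectoryServer(config);
        ds.add("dn: dc=example,dc=com", "objectClass: top", "objectClass: domain", "dc: example");
        ds.add("dn: " + USER_BASE, "objectClass: top", "objectClass: organizationalUnit", "ou: People");
        ds.add("dn: uid=alice," + USER_BASE, "objectClass: inetOrgPerson",
               "uid: alice", "cn: Alice Example", "sn: Example", "userPassword: correct-horse");
        ds.startListening();
        return ds;
    }

    public static void main(String[] args) throws Exception {
        InMemoryDirectoryServer ds = startTestDirectory();
        try {
            int port = ds.getListenPort();
            String[][] attempts = {
                {"alice", "correct-horse"},  // valid credentials
                {"alice", "wrong"},          // wrong password
                {"bob", "correct-horse"},    // unknown user
                {"alice)(uid=*", "x"},       // filter metacharacters in the username
                {"alice", ""},               // empty password (would be an unauthenticated bind)
            };
            for (String[] a : attempts) {
                System.out.printf("%-16s -> %s%n", a[0], authenticate("localhost", port, a[0], a[1]));
            }
        } finally {
            ds.shutDown(true);
        }
    }
}
```

Two connections are used on purpose: the lookup runs anonymously (or, on directories that forbid anonymous search, under a read-only service account), and the user's password is only ever sent in the bind on the second connection. In production the connections should be made over LDAPS or StartTLS, since a simple bind carries the password in clear text.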

If you are using an application on Tomcat you can, as in the link you provided, use "Realm Authentication"; it will work.

You, needless to say, have to apply your specific implementation details to the Realm configuration and then declare the security constraints for the application.

"Realm Authentication" would require NO changes to the application and no program to be written.

For ONLY checking whether the user exists, here is a more general configuration you might want to start with (in your web app's web.xml):

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="tomcat-demo" version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <servlet>
        <servlet-name>TestServlet</servlet-name>
        <servlet-class>test.TestServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>TestServlet</servlet-name>
        <url-pattern>/test</url-pattern>
    </servlet-mapping>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Wildcard means whole app requires authentication</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <!-- a * implies any user that can authenticate -->
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>

        <user-data-constraint>
            <!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>

</web-app>

Of course you again need to modify it for your specific implementation.
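A complete Tomcat configuration for the "only check username and password" case, as an added example that is not part of the question or the answer; the hostname and DNs are assumptions. Because no user attributes are read, the Realm uses userPattern so that Tomcat binds to the directory as the user with the submitted password and no service-account password has to be stored in server.xml. allRolesMode="authOnly" is set because, under Tomcat's default strict mode, the `*` role only matches users who hold a role declared in web.xml, which a bind-only Realm never assigns. The web.xml fragment lists no http-method elements, since listing only GET and POST leaves every other method (HEAD, PUT, DELETE, ...) unprotected, and uses CONFIDENTIAL because BASIC merely base64-encodes the password.

```xml
<!-- conf/server.xml (inside <Engine> or <Host>), or META-INF/context.xml of the app -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ldap.example.com:636"
       userPattern="uid={0},ou=People,dc=example,dc=com"
       allRolesMode="authOnly" />

<!-- WEB-INF/web.xml: whole app, any authenticated user, HTTPS required -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>whole app</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>LDAP</realm-name>
</login-config>
```

If the directory layout does not allow the DN to be derived from the username, keep userBase, userSearch and userSubtree from the question together with a read-only connectionName; the search filter Tomcat builds from userSearch escapes the username, and the password check is still done by binding as the found entry as long as userPassword is not set.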
