
LDAP Question

Kumar Saravanan
Ranch Hand

Joined: Aug 25, 2004
Posts: 40
Hi

One of the applications I am working on has a login page through which users enter their userid and password, and their information is validated against the database. If validation is successful, the user is able to see the other parts of the application.

Currently the system has a static menu (HTML menu). I need to dynamically build the menu based on the user role mentioned in LDAP. Users are assigned specific roles and all the roles are available in the LDAP server.

For example, if users are assigned to administrator roles, then I need to show the "Add User" and "Remove User" menu.

Question:

Can I use servlets to connect to the LDAP server after the user authentication from my application? Or please suggest what the best way to do that is.

Thanks,
Kumar.S
Kumar Saravanan
Ranch Hand

Joined: Aug 25, 2004
Posts: 40
Hi Guys

Can you please post your valuable suggestions to my query?

Thanks,
Kumar.S
Lin Feng
Ranch Hand

Joined: Dec 11, 2002
Posts: 142
You can use isUserInRole() directly to achieve it.

Lin
Kumar Saravanan
Ranch Hand

Joined: Aug 25, 2004
Posts: 40
Hi Lin

Thanks for your response. Can you please clear my doubt (this may be a very basic question)? How does my servlet know whether the particular role exists in LDAP?

Thanks,
Kumar.S
Lin Feng
Ranch Hand

Joined: Dec 11, 2002
Posts: 142
I am not an LDAP expert. However, the dependency on LDAP can be removed. It is possible that in your application LDAP is the only solution for authentication and authorization. If you can use isUserInRole, it means you are using container-managed authorization and authentication. Based on that assumption, the servlet should not get to know where the LDAP server is.

Which page to show for which role is a pure business issue. It is predetermined in the design.

If I had this issue, it is possible I would design a role -> display page mapping config file, or see if there is anything available in the current framework for it. Based on that, the servlet just reads the config information from a Java bean and tests whether the user is in the role and what the next page should be.

If one day the realm was changed to a database realm, the code would not have to be changed.

Just my 2 cents

Thanks

Lin
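
Added example, not part of any post in this thread: a sketch of the role -> menu mapping described in the reply above, driven by the container's isUserInRole() so the code never talks to LDAP itself. The class name RoleMenu, the role names and the menu entries other than "Add User" and "Remove User" are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;

public class RoleMenu {
    // Role -> menu entries. Role names and entries are assumptions; in practice
    // this map would be loaded from a config file or a database table.
    private final Map<String, List<String>> menuByRole = new LinkedHashMap<>();

    public RoleMenu() {
        menuByRole.put("user", List.of("Home", "My Profile"));
        menuByRole.put("administrator", List.of("Add User", "Remove User"));
    }

    // roleCheck hides where roles come from (LDAP realm, database realm, ...).
    // Inside a servlet, pass request::isUserInRole.
    public List<String> menuFor(Predicate<String> roleCheck) {
        List<String> menu = new ArrayList<>();
        for (Map.Entry<String, List<String>> entry : menuByRole.entrySet()) {
            if (!roleCheck.test(entry.getKey())) {
                continue; // user lacks this role, skip its entries
            }
            for (String item : entry.getValue()) {
                if (!menu.contains(item)) {
                    menu.add(item); // keep order, avoid duplicates across roles
                }
            }
        }
        return menu;
    }

    public static void main(String[] args) {
        RoleMenu roleMenu = new RoleMenu();
        // Constructed stand-ins for the roles of two authenticated users.
        Set<String> adminRoles = Set.of("user", "administrator");
        Set<String> plainRoles = Set.of("user");
        System.out.println(roleMenu.menuFor(adminRoles::contains));
        System.out.println(roleMenu.menuFor(plainRoles::contains));
        // Hiding a menu entry is not access control: the handlers behind
        // "Add User" and "Remove User" must check the role themselves or be
        // covered by a <security-constraint> in web.xml.
    }
}
```
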
Sarang Rao
Greenhorn

Joined: Aug 21, 2002
Posts: 2
Hi Kumar,
We have a very similar setup in place.
Just to give you a brief explanation.

Consider each menu item as a security object. Each object has access depending on the roles.
You would also have a mapping of security objects with roles. This is database driven.

Once the user logs in, you can figure out his roles for that application and get the access of all the objects registered under that application.
We save this set of permissions as a collection in LDAP so that we don't have to look up every time a menu / object has to be rendered.

I'm not getting into the details of implementing the same. You might want to try out different options.
Hope this helps.

Thanks
Sarang

