One of the application which I am working on has the login page through which enters their userid and password and their informations are validated against the database. If validation is successful then user can able to see the other part of the application.
Currently system has a static menu (HTML menu). I need to dynamically build the menu based on the user role mentioned in LDAP. Users are assigned specific roles and all the roles are available in the LDAP Server.
For example, If Users are assigned to administrator roles then I need to show the "Add User" and "Remove User" menu.
Can I use servlets to connect to the LDAP Server after the user authentication from my application or suggest me what is the best way to do that.
Joined: Aug 25, 2004
Can you please post your valuable suggestions to my query.
You can use isUserInRole() directly to achieve it.
Joined: Aug 25, 2004
Thanks for your response. Can you please clear my doubt (this may be a very basic question). How do my servlet know whether the particular role exists in LDAP.
Joined: Dec 11, 2002
I am not an LDAP expert. However the dependency on LDAP can be removed. It is possible in your application, the LDAP is the only solution for the authentication and authroization. If you can use isUserInRole , it means you are using Container managed authroization and authentication. Based on that assumption, the servlet should not get to know where is the LDAP server.
To show which page for which role is a business pure issue. It is predetermined in the design.
If I had this issue, it is possible I would design a role -> display page mapping config file. Or to see if there is anything available in the current framework for it. Based on that , the servlet just read the config information from a java bean and test if the user is in the role and what should be the next page.
If one day the Realm was changed to Database realm , the code would not have to be changed.
Hi Kumar, We have a very similar setup in place. Just to give you a brief explanation.
Consider each menu item as a security object. Each object has access depending on the roles. You would also have a mapping of security objects with roles. This is database driven.
Once the user logs in, you can figure out his roles for that application and get the access of all the objects registered under that application. We save this set of permissions as a collection in ldap so that we don't have to look up everytime a menu / object has to be rendered.
I'm not getting into the details of implementing the same. You might want to try out different options. Hope this helps.