wood burning stoves 2.0*
The moose likes Security and the fly likes how an LDAP could be used for authorization? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "how an LDAP could be used for authorization?" Watch "how an LDAP could be used for authorization?" New topic
Author

how an LDAP could be used for authorization?

raminaa niilian
Ranch Hand

Joined: Jul 14, 2005
Posts: 551
Hi
Thank you for reading my post.
can you please tell me how an LDAP could be used for authorization?
I know about authentication, we can use userid and password stored in LDAP for authentication but authorization means to check a user right for accessing a resource.

My question is :
Authorization require to define roles and then we should define which roles has access to which resources.

how this could be done in a j2ee application and LDAP ?


Thanks
Darya Akbari
Ranch Hand

Joined: Aug 21, 2004
Posts: 1855
Hi Raminaa,

Security in J2EE is done declaratively in the deployment descriptor. Be it J2EE's EJB or Servlet container, both containers give you a way through their respective deployment descriptors to do authorization. The definition of roles is also done there.

From the point of EJB and Servlet, there is nothing said about LDAP in both specs. LDAP is more for authentication than authorization. Hence the authentication in J2EE is vendor specific.

So each J2EE application server vendor has its own implementation for security. They may have a security in place which runs over LDAP.

LDAP becomes interesting when you write your own application's user managemet where you want to create users, groups and roles and assign them to each other. You could use LDAP to retrieve all users, groups and roles from an external LDAP enabled directory service.

In case you really want to dive into that matter, see my recommendations for J2EE Security and LDAP :

LDAP Programming:


J2EE's EJB:


J2EE's Servlet:


Regards,
Darya


SCJP, SCJD, SCWCD, SCBCD
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Authorization is all about what a user/subject can and cannot do and this comes in the form of roles.You can stoere logical roles in LDAP and then can use JAAS for both authrntication and authorization.After authentication you can populate the subject with roles that the user has and this information you can store in LDAP.


Rahul Bhattacharjee
LinkedIn - Blog
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: how an LDAP could be used for authorization?
 
Similar Threads
Federated repositories on WAS 7
Container Managed Security on Tomcat - configuring different auth-methods
Migrating JAAS from JBoss to Websphere 6.1
mapping roles to users in declarative security
User log-in process