
how an LDAP could be used for authorization?

raminaa niilian
Ranch Hand

Joined: Jul 14, 2005
Posts: 551
Thank you for reading my post.
Can you please tell me how an LDAP could be used for authorization?
I know about authentication: we can use the userid and password stored in LDAP for authentication, but authorization means checking a user's right to access a resource.

My question is:
Authorization requires defining roles, and then we should define which roles have access to which resources.

How could this be done in a J2EE application and LDAP?

Darya Akbari
Ranch Hand

Joined: Aug 21, 2004
Posts: 1855
Hi Raminaa,

Security in J2EE is done declaratively in the deployment descriptor. Be it J2EE's EJB or Servlet container, both containers give you a way through their respective deployment descriptors to do authorization. The definition of roles is also done there.

From the point of view of EJB and Servlet, nothing is said about LDAP in either spec. LDAP is more for authentication than authorization. Hence the authentication in J2EE is vendor specific.

So each J2EE application server vendor has its own implementation for security. They may have a security in place which runs over LDAP.

LDAP becomes interesting when you write your own application's user management where you want to create users, groups and roles and assign them to each other. You could use LDAP to retrieve all users, groups and roles from an external LDAP enabled directory service.

In case you really want to dive into that matter, see my recommendations for J2EE Security and LDAP:

LDAP Programming:


J2EE's Servlet:


Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Authorization is all about what a user/subject can and cannot do, and this comes in the form of roles. You can store logical roles in LDAP and then use JAAS for both authentication and authorization. After authentication you can populate the subject with the roles that the user has, and this information you can store in LDAP.

Rahul Bhattacharjee
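
The approach described in the reply above (roles stored in LDAP, copied onto the JAAS subject after authentication), as an added example that is not part of the original thread. The `RolePrincipal` type, the `ou=roles,dc=example,dc=com` base and the `groupOfNames`/`member` layout are assumptions; adjust them to the directory schema in use.

```java
import java.security.Principal;
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.security.auth.Subject;

public class LdapRoles {
    // Hypothetical principal type; a record supplies equals/hashCode.
    record RolePrincipal(String name) implements Principal {
        public String getName() { return name; }
    }
    // Assumed directory layout: one groupOfNames entry per role under this base.
    static final String ROLE_BASE = "ou=roles,dc=example,dc=com";

    /** Adds a RolePrincipal for every role group listing userDn as a member. */
    static void addRoles(DirContext ctx, String userDn, Subject subject) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);
        sc.setReturningAttributes(new String[] {"cn"});
        // userDn is passed as a filter argument, never concatenated into the filter.
        NamingEnumeration<SearchResult> hits = ctx.search(ROLE_BASE,
                "(&(objectClass=groupOfNames)(member={0}))", new Object[] {userDn}, sc);
        try {
            while (hits.hasMore()) {
                String cn = (String) hits.next().getAttributes().get("cn").get();
                subject.getPrincipals().add(new RolePrincipal(cn));
            }
        } finally { hits.close(); }
    }

    /** Deny by default: true only if the subject carries the required role. */
    static boolean hasRole(Subject subject, String role) {
        return subject.getPrincipals(RolePrincipal.class).contains(new RolePrincipal(role));
    }

    public static void main(String[] args) throws NamingException {
        Subject subject = new Subject();
        if (args.length == 2) {  // args: LDAP URL, DN of the already-authenticated user
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, args[0]);
            DirContext ctx = new InitialDirContext(env);
            try { addRoles(ctx, args[1], subject); } finally { ctx.close(); }
        } else {                 // constructed role so the check runs without a directory
            subject.getPrincipals().add(new RolePrincipal("manager"));
        }
        System.out.println("manager allowed: " + hasRole(subject, "manager"));
        System.out.println("admin allowed:   " + hasRole(subject, "admin"));
    }
}
```

The `main` method binds anonymously for brevity; a deployment would bind with a service account over `ldaps://` and call `addRoles` from the `commit()` phase of its JAAS `LoginModule`.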