aspose file tools*
The moose likes JSF and the fly likes Authentication via an LDAP server Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSF
Bookmark "Authentication via an LDAP server" Watch "Authentication via an LDAP server" New topic
Author

Authentication via an LDAP server

Richard Dennis
Greenhorn

Joined: Nov 05, 2012
Posts: 9
Hey guys i have created a php code that authenticates users via our LDAP server but i now instead of using PHP have to do this through glassfish

here is the working php code :

<?php

$authenticated = false;

# If that wasn't the case, then validate the username and password and set the session up.
if(!$authenticated && $_SERVER['PHP_AUTH_USER'] && $_SERVER['PHP_AUTH_PW']){
$ldap = ldap_connect("ldap://uni.ds.port.ac.uk") or die("Connection to AD failed.");

# This could be username@uni.ds.port.ac.uk instead but then anyone in AD could authenticate.
$username = "CN=".$_SERVER['PHP_AUTH_USER'].",OU=Students,OU=Users,OU=UNI,DC=uni,DC=ds,DC=port,DC=ac,DC=uk";

# Check you can bind with these credentials.
if($bind = ldap_bind($ldap, $username, $_SERVER['PHP_AUTH_PW'])) {
$result = ldap_search($ldap, "OU=Non Admin,OU=Staff,OU=Users,OU=UNI,DC=uni,DC=ds,DC=port,DC=ac,DC=uk", "CN=".$_SERVER['PHP_AUTH_USER']);
if($result){
$authenticated = 1;
}
}
}

# If they aren't already authenticated by now, ask the browser to authenticate them.
if(!$authenticated){
header('WWW-Authenticate: Basic realm="Active Directory Login"');
header('HTTP/1.0 401 Unauthorized');

# This will be output if they press 'cancel' on the prompt.
echo 'You have failed to authenticate. Please login with a valid Active Directory username and password. ('.ldap_error($ldap).')';
exit;
}

?>

Now i have to set up the glassfish sever, i am using netbeans to create a webapp that needs ldap authentication i have used, it is glassfish 3.1.2 btw, below is my code and set up i have used, but i can not get it to authenticate, what am i doing wrong ?

login.xhtml
<h:body>
<form method="post" action="j_security_check">
<p>You need to log in to access protected information.</p>
<table>
<tr>
<td>User name:</td>
<td><input type="text" name="j_username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="j_password" /></td>
</tr>
</table>
<p><input type="submit" value="Login" /></p>
</form>
</h:body>
loginError.xhtml
<h:body>
<p>Sorry--authentication failed. Please try again.</p>
</h:body>
secure/securePage.xhtml
<h:body>
This is a secure page
</h:body>

To create the actual Realm In Glassfish open the admin console (http://localhost:4848 in my dev environment). Select Configurations->server-config->Security->Realms click on new and start putting in the information. Type in a "Realm Name" whatever you want it to be called our case is MYREALM. The JAAS Context must be: ldapRealm the Directory is the ldap host ldap://hostname:389 and the Base DN is simply the DN that holds the users.

In my case it was ou=Company Users,dc=Company,dc=corp.

I left the "Assign Groups" empty.

The Additional properties section has these applicable properties (http://download.oracle.com/docs/cd/E19830-01/819-4712/ablpe/index.html):

search-filter="(sAMAccountName=%s)"
group-base-dn="cn=Application Users,ou=Company Groups,dc=Company,dc=corp"
search-bind-password="password"
group-search-filter="(member=%d)"
search-bind-dn="ldapuser"

Note that I have quotes on these properties. I noticed that I had to put the properties in quotes into the console form in order for it to work. I had to delete and recreate the realm whenever I wanted to make a change because whenever I clicked on "save" the form would append extra quotes to the Properties specific to this Class section.

Once the realm is created you can add the following to your web.xml file in order to use it:

<security-constraint>
<display-name>Application Users</display-name>
<web-resource-collection>
<web-resource-name>SecurePages</web-resource-name>
<description/>
<url-pattern>/faces/secure/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>Application Users desc</description>
<role-name>Application Users</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MYREALM</realm-name>
<form-login-config>
<form-login-page>/login.xhtml</form-login-page>
<form-error-page>/loginError.xhtml</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description/>
<role-name>Application Users</role-name>
</security-role>
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Authentication via an LDAP server
 
Similar Threads
isUserInRole always returns false
is it possible through LDAP ??
Change Passwords using JNDI/LDAP
JndiLoginModule and user bind?
is it possible