Authenticating users using an exsiting ldap server in a java web application

Question

I'm working on a java web application for which login should be authenticated using an existing ldap server. I do not need information of the user to be taken from the server. I only need to check whether the username and password exist in ldap. I use tomcat server for the web application.

This is something I found searching the internet which should be included in the server.xml file with relevant parameters in tomcat server. I did everything said in this particular guide.

source http://ldapwiki.willeke.com/wiki/Tomcat%20And%20LDAP

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="10"
                                connectionURL="ldaps://192.168.0.8:636"
                                alternateURL="ldap://192.168.0.7:636"
                                userBase="ou=people,dc=willeke,dc=com"
                                userSearch="(cn={0})"
                                userSubtree="true"
                                userRoleName="dictcrole"
                                connectionName="cn=admin,ou=...,dc=willeke,dc=com"
                                connectionPassword="removed"
                />

I don't have much understanding about xml and servers. Can someone guide me to do this with a servlet?

If you found it "searching the internet", please add a link to the source. Also, add the Java code you've been trying to use. — Agostino, Dec 19 '15 at 08:16
I added it sir. I did what was in the source although I did not understand it. — abc123, Dec 19 '15 at 08:38

score 2 · Answer 1 · edited May 23 '17 at 12:07

2

There are several libraries

Import one: in netbeans: like that: How to use .jar files in NetBeans?

You can use: unboundid sdk

imports:

import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchScope;

You do a connection:

  LDAPConnection ldap = new LDAPConnection("ldap.example.com", 389);

You search for your username

    SearchResult sr = ldap.search("dc=People,dc=example,dc=com", SearchScope.SUB, "(uid=" + username + ")");
    if (sr.getEntryCount() == 0)
        System.out.println("KO");

you get the distinguished name:

    String dn = sr.getSearchEntries().get(0).getDN();

then, for the password, one solution: to connect:

   ldap = new LDAPConnection("ldap.example.com", 389, dn, password);

There is also javax.naming

See this: https://www.ldap.com/unboundid-ldap-sdk-for-java

https://code.google.com/p/ldap-sample-code/source/browse/trunk/src/main/java/samplecode/bind/SimpleBindExample.java

this also: How do a LDAP search/authenticate against this LDAP in Java

edited May 23 '17 at 12:07

Community

1
1

answered Dec 19 '15 at 08:48

guillaume girod-vitouchkina

3,061
1
10
26

Don't I need to change the server.xml? – abc123 Dec 19 '15 at 09:22
ldap is a protocol different of "web" protocol (http), and derivatives (web service, soap). This API connect directly to the server. But you have to use the good parameters in you xml. – guillaume girod-vitouchkina Dec 19 '15 at 09:24
Netbeans says that package com.unboundid.ldap.sdk does not exist – abc123 Dec 19 '15 at 10:09
Yes sir. But in the imports it shows an error saying package com.unboundid.ldap.sdk does not exists. I'm using netbeans. Do I have to install something? – abc123 Dec 19 '15 at 10:27
@abc123 : usage of netbeans added in my answer. – guillaume girod-vitouchkina Dec 19 '15 at 10:55
Thanks. I added the unboundid jar file. – abc123 Dec 19 '15 at 12:42

score 0 · Answer 2 · answered Dec 20 '15 at 12:18

If you are using an application on Tomcat you can as the link you provided, use "Realm Authentication" will work.

You needless to say have to apply your specific implementation details to the Realm Configuration and then declare the Security Constraints for the application.

"Realm Authentication" would require NO changes to the application and no program be written.

For ONLY checking is the user exists, here is a more general configuration you might want to start with: (in you WEB App web.xml)

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="tomcat-demo" version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <servlet>
        <servlet-name>TestServlet</servlet-name>
        <servlet-class>test.TestServlet</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>TestServlet</servlet-name>
        <url-pattern>/test</url-pattern>
    </servlet-mapping>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Wildcard means whole app requires authentication</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <!-- a * implies any user that can authenticate -->
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>

        <user-data-constraint>
            <!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>

</web-app>

Of course you again need to modify to your specific implementation.

Authenticating users using an exsiting ldap server in a java web application

2 Answers2