LDAP Question

 
Ranch Hand
Posts: 40
Hi

One of the applications which I am working on has a login page through which users enter their userid and password, and their information is validated against the database. If validation is successful then the user is able to see the other part of the application.

Currently system has a static menu (HTML menu). I need to dynamically build the menu based on the user role mentioned in LDAP. Users are assigned specific roles and all the roles are available in the LDAP Server.

For example, if users are assigned to administrator roles then I need to show the "Add User" and "Remove User" menu.

Question:

Can I use servlets to connect to the LDAP server after the user authentication from my application, or can you suggest the best way to do that?

Thanks,
Kumar.S
 
Kumar Saravanan
Ranch Hand
Posts: 40
Hi Guys

Can you please post your valuable suggestions to my query?

Thanks,
Kumar.S
 
Ranch Hand
Posts: 142
You can use isUserInRole() directly to achieve it.

Lin
 
Kumar Saravanan
Ranch Hand
Posts: 40
Hi LIN

Thanks for your response. Can you please clear my doubt (this may be a very basic question)? How does my servlet know whether the particular role exists in LDAP?

Thanks,
Kumar.S
 
Lin Feng
Ranch Hand
Posts: 142
I am not an LDAP expert. However, the dependency on LDAP can be removed. It is possible that in your application LDAP is the only solution for authentication and authorization. If you can use isUserInRole, it means you are using container-managed authorization and authentication. Based on that assumption, the servlet should not get to know where the LDAP server is.

Which page to show for which role is a pure business issue. It is predetermined in the design.

If I had this issue, it is possible I would design a role -> display page mapping config file, or see if there is anything available in the current framework for it. Based on that, the servlet just reads the config information from a Java bean and tests if the user is in the role and what the next page should be.

If one day the realm was changed to a database realm, the code would not have to be changed.

Just my 2 cents

Thanks

Lin
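
The role -> menu mapping discussed in this thread, as an added example that is not part of any post. The class name `RoleMenuBuilder`, the method `menuFor` and the role names are hypothetical; the role check is passed in as a predicate so that a servlet can supply `request::isUserInRole` and stay independent of the realm behind the container.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;

/** Builds the menu for the current user from a role -> menu-item mapping. */
public class RoleMenuBuilder {

    // Constructed mapping; a real application would load it from a config
    // file or database. The role names here are assumptions.
    private static final Map<String, List<String>> MENU_BY_ROLE = new LinkedHashMap<>();
    static {
        MENU_BY_ROLE.put("user", List.of("Home", "My Profile"));
        MENU_BY_ROLE.put("administrator", List.of("Add User", "Remove User"));
    }

    /**
     * @param inRole role check; in a servlet pass request::isUserInRole so the
     *               container's realm (LDAP, database, ...) answers the question.
     * @return menu items for every mapped role the user holds; empty if none.
     */
    public static List<String> menuFor(Predicate<String> inRole) {
        List<String> menu = new ArrayList<>();
        for (Map.Entry<String, List<String>> e : MENU_BY_ROLE.entrySet()) {
            if (inRole.test(e.getKey())) {
                for (String item : e.getValue()) {
                    if (!menu.contains(item)) {
                        menu.add(item); // avoid duplicates when roles overlap
                    }
                }
            }
        }
        return menu;
    }

    public static void main(String[] args) {
        // Constructed stand-ins for HttpServletRequest.isUserInRole(String).
        Set<String> adminRoles = Set.of("user", "administrator");
        Set<String> plainRoles = Set.of("user");
        System.out.println(menuFor(adminRoles::contains));
        System.out.println(menuFor(plainRoles::contains));
        System.out.println(menuFor(role -> false)); // no mapped role: empty menu
    }
}
```

The menu only controls what is displayed; the servlets behind "Add User" and "Remove User" still need their own `isUserInRole` check or a container security constraint, since a hidden link can be requested directly.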
 
Greenhorn
Posts: 2
Hi Kumar,
We have a very similar setup in place.
Just to give you a brief explanation.

Consider each menu item as a security object. Each object has access depending on the roles.
You would also have a mapping of security objects with roles. This is database driven.

Once the user logs in, you can figure out his roles for that application and get the access of all the objects registered under that application.
We save this set of permissions as a collection in LDAP so that we don't have to look it up every time a menu / object has to be rendered.

I'm not getting into the details of implementing the same. You might want to try out different options.
Hope this helps.

Thanks
Sarang
 