how an LDAP could be used for authorization?

 
Ranch Hand
Posts: 551
Hi,
Thank you for reading my post.
Can you please tell me how LDAP could be used for authorization?
I know about authentication: we can use the user ID and password stored in LDAP for authentication, but authorization means checking a user's right to access a resource.

My question is:
Authorization requires defining roles, and then we should define which roles have access to which resources.

How could this be done in a J2EE application and LDAP?


Thanks
 
Ranch Hand
Posts: 1855
Hi Raminaa,

Security in J2EE is done declaratively in the deployment descriptor. Be it J2EE's EJB or Servlet container, both containers give you a way through their respective deployment descriptors to do authorization. The definition of roles is also done there.

From the point of view of EJB and Servlet, nothing is said about LDAP in either spec. LDAP is more for authentication than authorization. Hence the authentication in J2EE is vendor specific.

So each J2EE application server vendor has its own implementation for security. They may have security in place which runs over LDAP.

LDAP becomes interesting when you write your own application's user management, where you want to create users, groups and roles and assign them to each other. You could use LDAP to retrieve all users, groups and roles from an external LDAP-enabled directory service.

In case you really want to dive into that matter, see my recommendations for J2EE Security and LDAP:

LDAP Programming:


J2EE's EJB:


J2EE's Servlet:


Regards,
Darya
 
Ranch Hand
Posts: 2308
Authorization is all about what a user/subject can and cannot do, and this comes in the form of roles. You can store logical roles in LDAP and then use JAAS for both authentication and authorization. After authentication you can populate the subject with the roles that the user has, and this information you can store in LDAP.
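
The role lookup the replies describe (roles kept in LDAP and read after authentication), as an added example that is not from any poster in this thread. It assumes a directory where each role is a `groupOfNames` entry under `ou=groups,dc=example,dc=com`; the host, DNs, `LDAP_BIND_PW` variable, and the class and method names are placeholders.

```java
import javax.naming.*;
import javax.naming.directory.*;
import java.util.*;
public class LdapRoleLookup {
    // Assumed directory layout (not from the thread): every role is a
    // groupOfNames entry under this base, and the group's cn is the role name.
    static final String GROUP_BASE = "ou=groups,dc=example,dc=com";
    /** Returns the cn of every group that lists userDn as a member. */
    static Set<String> rolesFor(DirContext ctx, String userDn) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"cn"});
        Set<String> roles = new TreeSet<>();
        // {0} is substituted by JNDI, which escapes filter metacharacters in the
        // argument, so a crafted DN cannot change the shape of the filter.
        NamingEnumeration<SearchResult> hits = ctx.search(
                GROUP_BASE, "(&(objectClass=groupOfNames)(member={0}))",
                new Object[] {userDn}, sc);
        try {
            while (hits.hasMore()) {
                Attribute cn = hits.next().getAttributes().get("cn");
                if (cn != null) roles.add(String.valueOf(cn.get()));
            }
        } finally {
            hits.close();
        }
        return roles;
    }

    /** Deny by default: access only when the required role is present. */
    static boolean isAllowed(Set<String> roles, String requiredRole) {
        return roles.contains(requiredRole);
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldaps://ldap.example.com:636"); // placeholder host
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=app,ou=services,dc=example,dc=com");
        env.put(Context.SECURITY_CREDENTIALS,
                Objects.requireNonNull(System.getenv("LDAP_BIND_PW"), "set LDAP_BIND_PW"));
        DirContext ctx = new InitialDirContext(env);
        try {
            Set<String> roles = rolesFor(ctx, "uid=jdoe,ou=people,dc=example,dc=com");
            System.out.println(roles + " admin allowed? " + isAllowed(roles, "admin"));
        } finally {
            ctx.close();
        }
    }
}
```

In a container-managed setup the same group-to-role mapping is normally configured in the application server's LDAP realm, and the role names returned here correspond to the roles declared in the deployment descriptor.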
 