What I have done is incorporate Windows2000 groups as the "workspace" piece you are referring to. The Windows user ID must be created in order to authenticate into active directory anyway, so why not create group structures in active directory?
I would not keep a Windows password as a key in a database file. The user name would be OK. Passwords can be and should be changed at will by the user. No one else should know or be able to reference them.
Here is a simple method that can be placed in a class that would provide authentication to an active directory.
Note that Windows2000 active directory requires the user name to be in a
user@domain.com format. Change the domain
string to your domain.
Note that the providerURL must be the name of your server that houses the active directory. Change server.domain.com to your server name. Also change the "dc=" structures just after it.
In your class, you will need to import:
javax.naming.directory.*;
javax.naming.ldap.*;
javax.naming.*;
java.util.*;
This should work. This method is just part of a class that I call AuthenticateUser. Other methods I have in this will also look up group information which is more complex depending on your Windows group structure, but doable.
A great tool that I found to view the active directory along with all those funny "dc" and "ou" codes is called the LDAP Browser\Edtior at
LDAP Browser\Editor. I found this immensely helpful while researching this topic. It is a
java app, and I run it on my Linux box. Should run on Windows too.
Hope this helps.
--Tim