Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to get user credentials from LDAP using Apache Tomacet JNDIRealm

 
ganesh boil
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
recently i have been started to make a POC on Apache Tomcat JNDIRealm.
For this i have followed the tutorial available at

http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm and

http://viralpatel.net/blogs/2008/12/implement-ldap-authentication-in-tomcat-jboss-server-for-java-app.html

I have created a couple of users and groups in openldap. And configures server.xml in tomcat as suggested in the above link.
And configured web.xml in my j2ee application as suggested in the second url.

Now my question is how to get the user credentials in .java file where i have login() method.
So can anyone suggest me how to get user name and password from ldap using thios Tomcat JNDIRealm.

Any sample code is more helpful.

Thanks in advance.

regards,
Ganesh
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18214
53
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
When you use web.xml to define security, you're offloading security to your web application container. Which is as it should be if you intend to authenticate and authorize via a Tomcat Security Realm.

However, container-managed security means exactly that. You don't write your own login code, the container manages the login. The user ID and password are never directly accessible by the application. Which is also good, since if someone hacks the application, they cannot plunder it for login information.

The closest thing you'll have is the User Principal object, which is constructed by the Realm when the user is logged in. You can obtain a reference to this by invoking getUserPrincipal() on your request object. Usually the userID will be the ID in the principal, although I suppose a Realm could supply any unique identifier it wanted to.

In accordance with good security mearures, the password isn't visible at all, and in fact, isn't sent back to Tomcat in most cases. The SQL equivalent is:

In a case like this, if the correct password was supplied, the return count will be nonzero (hopefully it will be 1!). An invalid user ID or password would return back zero, without giving any hints to hackers as to what a valid user ID or password might be.
 
ganesh boil
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Holloway,

thnaks for your response. can you have a loot into my full post at http://www.coderanch.com/t/463042/Security/redirect-success-page-tomcat-using

Regards,
Ganesh
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic