Ramesh James

Greenhorn
since Jan 12, 2010

Recent posts by Ramesh James

Hello,
I am a bit of a fresher to Spring Security/LDAP. Here I am trying to connect to my company's Active Directory server through Spring Security, but I am getting null for ldapTemplate in my TaxUserAuthenticate class, which means I am not able to connect to AD. Please find the code below. I am sure there must be a problem in my configuration file; however, I am not able to figure out the problem. I have written the below piece of code in /WEB-INF/tax-servlet.xml, which is used for my Spring MVC web application.

Thanks for your help.

    <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="ldap://servername.r1-core.r1.xxx.net:389/DC=r1-core,DC=r1,DC=aig,DC=net"/>
        <property name="userDn" value="user@r1-core"/>
        <property name="password" value="pwwd11"/>
    </bean>

    <bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
        <constructor-arg ref="contextSource"/>
    </bean>

    <bean id="myAuthenticator" class="com.xxx.tax.util.TaxUserAuthenticate">
        <property name="ldapTemplate" ref="ldapTemplate"/>
    </bean>


I also tried to write the code in the below way to connect, but hard luck.

    <!-- LDAP in Spring framework
    <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="url" value="ldap://servername.r1-core.r1.xxx.net:389/DC=r1-core,DC=r1,DC=aig,DC=net?sAMAccountName?sub?(objectClass=*)" />
        <property name="base" value="OU=R1,DC=r1-core,DC=r1,DC=xxx,DC=net" />
        <property name="userDn" value="user@r1-core" />
        <property name="password" value="pwwd11" />
    </bean>
    -->

    /**
     *
     */
    package com.xxx.tax.util;

    import org.springframework.ldap.core.LdapTemplate;
    import org.springframework.ldap.filter.AndFilter;
    import org.springframework.ldap.filter.EqualsFilter;
    import java.io.UnsupportedEncodingException;
    import org.springframework.ldap.core.DistinguishedName;

    public class TaxUserAuthenticate {
        private LdapTemplate ldapTemplate;

        public void setLdapTemplate(final LdapTemplate ldapTemplate) {
            this.ldapTemplate = ldapTemplate;
        }

        public TaxUserAuthenticate() {
            // TODO Auto-generated constructor stub
        }

        public boolean login(String username, String password){
            System.out.println("****username*****"+username+"* ********");
            System.out.println("****password*****"+password+"* ********");
            AndFilter filter = new AndFilter();
            filter.and(new EqualsFilter("objectclass", "person")).and(new EqualsFilter("cn", username));
            return ldapTemplate.authenticate(DistinguishedName.EMPTY_PATH, filter.toString(), password);
        }

    }
11 years ago
Sorry to say, but in my last post I said I need to validate with local Windows XP users. Later on I came to know that I need to validate users with AD (Active Directory). I made changes in server.xml and created a new JNDI realm.
Please find the below code for server.xml.
    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
           connectionURL="ldap://servername.r1-core.r1.xyz.net:389"
           connectionName="USERNAME@R1-CORE"
           connectionPassword="*******"
           referrals="follow"
           userPattern="cn={0},DC=r1-core,DC=r1,DC=aig,DC=net"
           userSearch="(sAMAccountName={0})"
           userRoleName="memberOf"
           userSubTree="true"
    />

Here R1-CORE is the domain.

I am already a user on the R1-CORE domain, so I have given my user ID and pwd for the R1-CORE domain for connectionName and connectionPassword.

Please find the below code for web.xml.
    <security-constraint>
        <display-name>Example Security Constraint</display-name>
        <web-resource-collection>
            <web-resource-name>Sample</web-resource-name>
            <!-- Define the context-relative URL(s) to be protected -->
            <url-pattern>/*</url-pattern>
        </web-resource-collection>

        <auth-constraint>
            <!-- Anyone with one of the listed roles may access this area Active-Directory-Group-Name-->
            <role-name>Users</role-name>
        </auth-constraint>
    </security-constraint>

    <!-- Default login configuration uses form-based authentication -->
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>JNDIRealm</realm-name>
    </login-config>

    <!-- Security roles referenced by this web application -->
    <security-role>
        <role-name>Users</role-name>
    </security-role>

After that I restarted Tomcat and hit the URL http://localhost:8080/Sample/index.html. The window threw a popup for login. I entered the username (R1-CORE\usrname) and pwd (********), and Tomcat threw the below error.

Jan 14, 2010 11:48:32 AM org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
javax.naming.InvalidNameException: cn=R1-CORE\usrname,DC=r1-core,DC=r1,DC=xyz,DC=net: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090654, comment: Error processing name, data 0, vece

After that I restarted Tomcat and hit the URL http://localhost:8080/Sample/index.html. The window threw a popup for login. I entered the username (usrname) without the domain R1-CORE and pwd (********), and Tomcat did not do anything. I mean it stopped all activity.


Please suggest!!

11 years ago
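
The log in the post above shows the typed login `R1-CORE\usrname` substituted into `cn={0}` and rejected as an invalid name (error code 34). As an added example that is not part of the original post, the sketch below reduces a typed login to the bare account name and escapes it before it goes into a `(sAMAccountName=...)` filter; the class `AdLoginName` and its methods are hypothetical and use only the JDK.

```java
// Added example (hypothetical helper, not code from the post). JDK only.
public class AdLoginName {

    /** Reduce "DOMAIN\name", "name@domain" or "name" to the bare account name. */
    static String samAccountName(String login) {
        String name = login == null ? "" : login.trim();
        int slash = name.lastIndexOf('\\');
        if (slash >= 0) {
            name = name.substring(slash + 1);   // drop the "DOMAIN\" prefix
        }
        int at = name.indexOf('@');
        if (at >= 0) {
            name = name.substring(0, at);       // drop the "@domain" suffix
        }
        if (name.isEmpty()) {
            throw new IllegalArgumentException("empty account name");
        }
        return name;
    }

    /** Escape a value for use inside an LDAP search filter (RFC 4515). */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Build the filter used to look the account up before binding as it. */
    static String searchFilter(String login) {
        return "(sAMAccountName=" + escapeFilterValue(samAccountName(login)) + ")";
    }

    public static void main(String[] args) {
        // Constructed inputs; "R1-CORE" and "usrname" are the placeholders from the post.
        String[] logins = {"R1-CORE\\usrname", "usrname@r1-core", "usrname", "usr(name)*"};
        for (String login : logins) {
            System.out.println(login + " -> " + searchFilter(login));
        }
    }
}
```

The first three inputs all produce `(sAMAccountName=usrname)`; the last one comes out as `(sAMAccountName=usr\28name\29\2a)`, so filter metacharacters in a typed name cannot change the shape of the search.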
In simple words, I want to achieve this:

· User opens Internet Explorer and writes the URL of the page hosted on the Tomcat server
· Tomcat asks for user authentication
· Browser prompts user for Windows user name and pwd in a dialog box
· Browser sends username and pwd to Tomcat
· Tomcat receives user/pwd and validates against the Windows XP local user account
· Windows Domain server responds 'user good'
· Tomcat considers user authenticated, sends requested page to browser

Windows XP local user means: right-click on My Computer - Manage - Users & Groups.

11 years ago