
best practices for java authentication via LDAP

/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package com.dash.ejb.login;

import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.SizeLimitExceededException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
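/**
 * Authenticates a user against an LDAP directory (the filter and attribute
 * names used here are the Active Directory ones: {@code sAMAccountName},
 * {@code distinguishedName}).
 *
 * <p>The flow is "search then bind": a service account binds and looks up the
 * user's distinguished name, then a second bind is attempted with that DN and
 * the password supplied by the caller.
 *
 * <p>Security notes for anyone adapting this listing:
 * <ul>
 *   <li>The provider URL uses plain {@code ldap://} together with simple
 *       authentication, so both the service password and the user's password
 *       cross the network unencrypted. Use {@code ldaps://} or StartTLS in any
 *       real deployment.</li>
 *   <li>The bind account below is described as a "power user" and its password
 *       is a constant in source. Prefer a read-only, least-privilege lookup
 *       account whose credentials are loaded from protected configuration.</li>
 * </ul>
 */
public class MyLdapAuthinticator {

    // Placeholders from the original listing; replace with real deployment values.
    private static final String LDAP_SERVER="ldap server ip";
    private static final String LDAP_SERVER_PORT="ldap server port";
    private static final String LDAP_BASE_DN="dc=domain name,dc=com";
    private static final String LDAP_BIND_DN="CN=ldap power user,CN=Users,DC=domain name,DC=com";
    // NOTE(review): hard-coded credential; keep it out of source control.
    private static final String LDAP_BIND_PASSWORD="ldap power user password";

    /**
     * Checks a user name / password pair against the directory.
     *
     * @param userName     the account name matched against {@code sAMAccountName}
     * @param userPassword the password used for the verification bind
     * @return {@code true} if the user was found and the bind with the supplied
     *         password succeeded; {@code false} if either argument is null or
     *         empty, the user was not found, or the bind was rejected
     * @throws RuntimeException if the service bind or the search fails for a
     *         reason other than invalid user credentials
     */
    public static Boolean validateLogin(String userName, String userPassword) {
        // A simple bind with a DN and an empty password is an "unauthenticated
        // bind": JNDI downgrades it to anonymous and many servers accept it, so
        // without this guard any existing user would validate with a blank
        // password. Reject before touching the network.
        if (userName == null || userName.length() == 0
                || userPassword == null || userPassword.length() == 0) {
            return false;
        }

        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + LDAP_SERVER + ":" + LDAP_SERVER_PORT + "/" + LDAP_BASE_DN);

        // To get rid of the PartialResultException when using Active Directory.
        // NOTE(review): with "follow", JNDI re-uses these credentials against the
        // referred server; confirm that is acceptable for the deployment.
        env.put(Context.REFERRAL, "follow");

        // Needed for the bind (user authorized to query the LDAP server)
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, LDAP_BIND_DN);
        env.put(Context.SECURITY_CREDENTIALS, LDAP_BIND_PASSWORD);

        DirContext ctx;
        try {
            ctx = new InitialDirContext(env);
        } catch (NamingException e) {
            throw new RuntimeException(e);
        }

        NamingEnumeration<SearchResult> results = null;
        DirContext userCtx = null;

        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE); // search entire subtree
            controls.setCountLimit(1);   // maximum number of entries returned by the search
            controls.setTimeLimit(5000); // time limit in milliseconds

            // userName is caller-supplied: escape it so characters such as
            // '*', '(' and ')' cannot alter the structure of the filter.
            String searchString = "(&(objectCategory=user)(sAMAccountName="
                    + escapeFilterValue(userName) + "))";

            results = ctx.search("", searchString, controls);

            if (!results.hasMore()) {
                return false;
            }

            SearchResult result = results.next();
            Attribute dnAttr = result.getAttributes().get("distinguishedName");
            if (dnAttr == null) {
                // No DN to bind with, so the password cannot be verified.
                return false;
            }
            String dn = (String) dnAttr.get();

            // User exists, validate the password with a second bind. A copy of
            // the environment is used so the service credentials are not
            // overwritten in place.
            Hashtable<String, String> userEnv = new Hashtable<String, String>(env);
            userEnv.put(Context.SECURITY_PRINCIPAL, dn);
            userEnv.put(Context.SECURITY_CREDENTIALS, userPassword);

            userCtx = new InitialDirContext(userEnv); // throws on invalid credentials
            return true;

        } catch (AuthenticationException e) { // invalid login
            return false;
        } catch (NameNotFoundException e) { // the base context was not found
            return false;
        } catch (SizeLimitExceededException e) {
            throw new RuntimeException("LDAP Query Limit Exceeded, adjust the query to bring back less records", e);
        } catch (NamingException e) {
            throw new RuntimeException(e);
        } finally {
            if (results != null) {
                try { results.close(); } catch (Exception ignored) { /* best-effort cleanup */ }
            }
            // The verification context was never closed in the original,
            // leaking one LDAP connection per successful login.
            closeQuietly(userCtx);
            closeQuietly(ctx);
        }
    }

    /**
     * Escapes a value for use inside an LDAP search filter assertion
     * (RFC 4515): backslash, asterisk, parentheses and NUL are replaced by
     * their {@code \\xx} hexadecimal forms.
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': escaped.append("\\5c"); break;
                case '*':  escaped.append("\\2a"); break;
                case '(':  escaped.append("\\28"); break;
                case ')':  escaped.append("\\29"); break;
                case '\u0000': escaped.append("\\00"); break;
                default:   escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Closes a directory context, ignoring failures during cleanup. */
    private static void closeQuietly(DirContext context) {
        if (context != null) {
            try { context.close(); } catch (Exception ignored) { /* best-effort cleanup */ }
        }
    }

}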
