Skip to main content

best practices for java authentication via LDAP

/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package com.dash.ejb.login;

import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NameNotFoundException;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.SizeLimitExceededException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
public class MyLdapAuthinticator {
   
private static String LDAP_SERVER="ldap server ip";
    private static String LDAP_SERVER_PORT="ldap server port";
    private static String LDAP_BASE_DN="dc=domain name,dc=com";
    private static String LDAP_BIND_DN="CN=ldap power user,CN=Users,DC=domain name,DC=com";
    private static String LDAP_BIND_PASSWORD="ldap power user password";
   

   
    public static Boolean validateLogin(String userName, String userPassword) {
    Hashtable<String, String> env = new Hashtable<String, String>();


    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://" + LDAP_SERVER + ":" + LDAP_SERVER_PORT + "/" + LDAP_BASE_DN);

    // To get rid of the PartialResultException when using Active Directory
    env.put(Context.REFERRAL, "follow");

    // Needed for the Bind (User Authorized to Query the LDAP server)
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, LDAP_BIND_DN);
    env.put(Context.SECURITY_CREDENTIALS, LDAP_BIND_PASSWORD);

    DirContext ctx;
    try {
       ctx = new InitialDirContext(env);
    } catch (NamingException e) {
       throw new RuntimeException(e);
    }

    NamingEnumeration<SearchResult> results = null;

    try {
       SearchControls controls = new SearchControls();
       controls.setSearchScope(SearchControls.SUBTREE_SCOPE); // Search Entire Subtree
       controls.setCountLimit(1);   //Sets the maximum number of entries to be returned as a result of the search
       controls.setTimeLimit(5000); // Sets the time limit of these SearchControls in milliseconds

       String searchString = "(&(objectCategory=user)(sAMAccountName=" + userName + "))";

       results = ctx.search("", searchString, controls);

       if (results.hasMore()) {

           SearchResult result = (SearchResult) results.next();
           Attributes attrs = result.getAttributes();
           Attribute dnAttr = attrs.get("distinguishedName");
           String dn = (String) dnAttr.get();

           // User Exists, Validate the Password

           env.put(Context.SECURITY_PRINCIPAL, dn);
           env.put(Context.SECURITY_CREDENTIALS, userPassword);

           new InitialDirContext(env); // Exception will be thrown on Invalid case
           return true;
       }
       else
           return false;

    } catch (AuthenticationException e) { // Invalid Login

        return false;
    } catch (NameNotFoundException e) { // The base context was not found.

        return false;
    } catch (SizeLimitExceededException e) {
        throw new RuntimeException("LDAP Query Limit Exceeded, adjust the query to bring back less records", e);
    } catch (NamingException e) {
       throw new RuntimeException(e);
    } finally {

       if (results != null) {
          try { results.close(); } catch (Exception e) { /* Do Nothing */ }
       }

       if (ctx != null) {
          try { ctx.close(); } catch (Exception e) { /* Do Nothing */ }
       }
    }
}  
   
}

Comments

Post a Comment

Popular posts from this blog

Installing liferay 6.2 on wildfly 10 app server and oracle 11g database & windows machine

*************************************DATABASE CREATION*********************************************************************************************** DOWNLOAD LIFERAY PORTAL SCRIPTS FROM https://www.liferay.com/downloads/liferay-portal/available-releases Rename the file as liferay.sql put it let say in under c drive , so it will be located like this  c:\liferay.sql from cmd dir c:\ SQLPLUS / AS SYSDBA @liferay.sql lportal lportal it will create the db ..after finishing go to sqlplus again to ggrant the below  to lportal user SQLPLUS / AS SYSDBA grant create session to lportal; grant connect to lportal; grant resource to lportal; *******************************CONFIGURE WILDFLY TO CONNECT TO ORACLE DB *****************************************************************************************************  configure wildfly to connect to oracle db Download the driver: ojdbc[VERSION].jar Create subfolders [WILDFLY_HOME]/modules/system/layers/base/com/o...
7 comments
Read more

windows 7 fix "user profile has failed and loading the default profile"

thanks to microsoft support i fixed that issue in my windows 7 link   http://support.microsoft.com/kb/947215 Symptoms When you log on to a Windows 7-based or a Windows Vista-based computer by using a temporary profile, you receive the following error message: The User Profile Service failed the logon. User profile cannot be loaded. Back to the top  |  Give Feedback Resolution Occasionally, Windows might not read your user profile correctly, such as if your antivirus software is scanning your computer while you try to log on. Before you follow the methods here, try restarting your computer and logging on with your user account again to resolve the issue. If you restart your computer and it does not resolve this issue, use the following methods to resolve this issue. Note  You must be able to log on to an administrator account to fix your user profile or copy your data to a new account. Before you resolve the issue, log on to Windows by u...
Post a Comment
Read more

oracle drop all tables and sequences in a certain schema

--  please never put a comment starting with " / "  as this character means execute the previous line  BEGIN   FOR i IN (SELECT us.sequence_name               FROM USER_SEQUENCES us) LOOP     EXECUTE IMMEDIATE 'drop sequence '|| i.sequence_name ||'';   END LOOP;     FOR i IN (SELECT ut.table_name               FROM USER_TABLES ut) LOOP     EXECUTE IMMEDIATE 'drop table '|| i.table_name ||' CASCADE CONSTRAINTS ';   END LOOP; END; -- the following character executes the whole block of pl sql code /
4 comments
Read more