Re: WO, Java and Microsoft Active Directory
- Subject: Re: WO, Java and Microsoft Active Directory
- From: Arturo Pérez <email@hidden>
- Date: Thu, 9 Feb 2006 22:51:56 -0500
Yes, this is without setting up a model. On MacOSX I see this jar. I
don't really know what other things you may need.
/System/Library/Frameworks/JavaVM.framework/Versions/1.4.2/Home/lib/ext/ldapsec.jar
-arturo
On Feb 9, 2006, at 10:48 PM, Owen McKerrow wrote:
Thanks Arturo.
So this is without setting up an EOModel of the active directory right?
What extra classes will I need to import? Do I need to get any extra
libraries/frameworks?
Owen
On 10/02/2006, at 2:43 PM, Arturo Pérez wrote:
There's a piece of code Chuck Hill posted a while back that's exactly
this. Here it is (I just needed it yesterday for something else):
======= From Jan 2004
From: email@hidden
Subject: Re: LDAP / Open Directory authentication?
Date: January 4, 2004 1:59:02 PM EST
To: email@hidden, email@hidden
Hi Jesse,
It depends on what you mean by "check and see whether a given
username/password is valid in an Open Directory server". The proper
way to do this is by attempting to bind to the LDAP server using the
user ID and user supplied password. If the bind works then this
authenticates the user. Like this (on User):
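// Imports required in User.java:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import com.webobjects.foundation.NSForwardException;

public boolean canAuthenticateWithPassword(String password) {
    // An empty password makes a simple bind unauthenticated (anonymous),
    // which many servers accept, so reject it before binding.
    if (password == null || password.length() == 0) {
        return false;
    }
    boolean canAuthenticateWithPassword = false;
    // ldapEnvironment() is a helper that is not shown in this post.
    Hashtable ldapEnvironment = ldapEnvironment();
    ldapEnvironment.put(Context.SECURITY_PRINCIPAL, "userid=" + userID() + BASE_DN);
    ldapEnvironment.put(Context.SECURITY_CREDENTIALS, password);
    try {
        // Creating the context performs the bind with the user's DN and password.
        DirContext ctx = new InitialDirContext(ldapEnvironment);
        canAuthenticateWithPassword = true;
        ctx.close();
    }
    catch (javax.naming.AuthenticationException authException) {
        // Nothing to do, they fail.
    }
    catch (NamingException e) {
        if (e.getRootCause() instanceof java.net.ConnectException) {
            throw new NSForwardException(e, "Failed to contact LDAP server.");
        }
        else {
            throw new NSForwardException(e);
        }
    }
    return canAuthenticateWithPassword;
}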
Be careful with this: the password is sent in plain text. Encrypting
the password with the SSL and SASL support in JDK 1.3 is a little
sketchy. Support is much, much better in JDK 1.4 but you will need to
update to WO 5.2.2 for this. The Start TLS addition makes secure
binding trivial.
The improper (yet fairly common) way to do this is to query (using a
fetch spec) the server for records matching a given user ID and
password. If a record is returned then you have authenticated the
user. This can be done from WO using the JavaJNDIAdaptor and the
LDAPPlugin. See the package docs for com.webobjects.jndiadaptor. This
is also insecure. You need to create a sub-class of the LDAPPlugin to
secure the communications. Again, this is much, much easier with JDK
1.4.
HTH
Chuck
At 01:52 AM 04/01/2004 -0500, Jesse Barnum wrote:
I need my WebObjects application to check and see whether a given
username/password is valid in an Open Directory server. There is a
very tantalizing link in Apple's documentation:
http://developer.apple.com/documentation/LegacyTechnologies/WebObjects/WebObjects_4.5/System/Documentation/Developer/WebObjects/DeltaDoc/EOF.html#CJADAEAG
It basically gives a really short & simple way to do exactly what I
want, using a method called authenticateUser(). However, this code
sample is for WebObjects 4.5 (I'm using 5.2.1), and the class that
this is being called in is the LDAPAdaptor, which I can't find
anywhere in Apple's frameworks. Is there a simple way to do this in
WO 5?
--Jesse Barnum, CEO, 360Works
http://www.360works.com (770) 234-9293
Try WooF, the only solution for linking WebObjects and FileMaker!
_______________________________________________
WebObjects-dev mailing list
email@hidden
http://www.omnigroup.com/mailman/listinfo/webobjects-dev
--
Chuck Hill email@hidden
Global Village Consulting Inc.
http://www.global-village.net
========
-arturo
On Feb 9, 2006, at 10:31 PM, Owen McKerrow wrote:
Hi All,
A client has asked if we can connect to an Active Directory service
to do our authentication. All we need to do is a "Is this
username/password combination correct?" yes or no. We don't need to
create accounts in it or any other fun stuff, just the initial
authentication.
We have been looking over the net for some sample code and found a
couple of places :
http://forum.java.sun.com/thread.jspa?forumID=51&threadID=294498
http://forum.java.sun.com/thread.jspa?forumID=51&threadID=568314
http://forum.java.sun.com/thread.jspa?forumID=51&threadID=640518
http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
I was just wondering if anyone on the list has had an experience
with this, particularly from inside a WO app, and if so if they would
be willing to provide some code samples or even suggestions as to
the best approach.
Thanks
Owen McKerrow
WebMaster, emlab
http://emlab.uow.edu.au
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"I like the way this project has somehow, against all common sense,
got itself made."
- Peter Jackson, "The Lord of The Rings"
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
email@hidden
This email sent to email@hidden
Owen McKerrow
WebMaster, emlab
http://emlab.uow.edu.au
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
"As of tomorrow, employees will only be able to access the building
using individual security cards. Pictures will be taken next Wednesday
employees will receive their cards in two weeks."
- "Dilbert Quotes" Winner, Fred Dales, Microsoft Corp