1 Reply Latest reply on Mar 7, 2002 10:22 AM by jwkaltz

Ldap-Login-Questions

matthias Mar 7, 2002 8:19 AM

Hi,

i want to autenticate the login to JBoss with the Help of Ldap. I have a W2000 Domain
and there is also a Ldap-Server.

In the moment it´s not clear for me, what i have to do in the Client-Java-Program. How can i send
the credentials. Do i have to implement a CallbackHandler to send user and password to the server ?
I think the password has to be crypted when it is send to the server but i don´t know how.
Are there ready-modules to do this work ?

I would be glad to get help on this topic.

Regards Matthias

//----------- server_auth.conf -------------------------------------------------------------------------------------
exampleLdap {
org.jboss.security.plugins.samples.LdapLoginModule required
java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
principalDNPrefix="cn="
principalDNSuffix=",ou=xx,ou=x1xx,dc=xxxxx,dc=de"
rolesCtxDN="ou=xx,dc=xxxxx,dc=de"
roleAttributeID="cn"
uidAttributeID="uniqueMember"
java.naming.provider.url="ldap://computer01/"
java.naming.security.authentication="simple"
matchOnUserDN=true
unauthendicatedIdentity="nobody"
;
};
//----------- server_auth.conf -------------------------------------------------------------------------------------

//----------- client-java-programm --code-snippets from jaas/howto-Example----------------------
public static void actionSuchen() throws Exception
{
System.setErr(System.out);
String name = "scott";
char[] password = "echoman".toCharArray();
//example1a
String example = "example1a";
try
{
AppCallbackHandler handler = new AppCallbackHandler(name, password);
LoginContext lc = new LoginContext("TestClient", handler);
lc.login();
}
catch (LoginException le)
{
System.out.println("Login failed");
le.printStackTrace();
}

try
{
InitialContext iniContext = new InitialContext();
SessionHome home = (SessionHome) iniContext.lookup("example1a/StatelessSession");
Session bean = home.create();
System.out.println("Bean.echo('Hello') -> "+bean.echo("Hello"));
bean.remove();
}
catch(Exception e)
{
e.printStackTrace();
}
}
//----------- client-java-programm --code-snippets from jaas/howto-Example----------------------

1. Re: Ldap-Login-Questions

jwkaltz Mar 7, 2002 10:22 AM (in response to matthias)

> In the moment it´s not clear for me, what i have to
> do in the Client-Java-Program. How can i send
> the credentials. Do i have to implement a
> CallbackHandler to send user and password to the
> server ?

The trick is, the client side also uses Jaas, that's why you indeed need a CallbackHandler on your client. You also need the Jaas configuration on your client as well (auth.conf -> configuration for org.jboss.security.ClientLoginModule).
This is how the user credentials are bound to the jboss invocation layer; the rest is transparent to the developer.

> I think the password has to be crypted when it is
> send to the server but i don´t know how.
> Are there ready-modules to do this work ?

It depends on how the password is stored in your ldap. Is it stored crypted and if yes with what encryption algorithm. If yes, you need to tell your server-side login module these parameters.
Or, I suppose it's conceivable to encrypt the password in the client instead, and not touch the server-side stuff (which uses a simple string compare to compare the passwords). In this case you would write the code to encrypt the password yourself on the client, there are some utility classes in Java to do this (either in JavaTM Secure Socket Extension or in JavaTM Cryptography Extension (JCE), I can't remember which)
Actions