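/*
 * Thanks to everyone with their help about my form-based login classes. I have made a trivial
 * LDAP authenticator that I am sharing so hopefully it will help someone out the next time. It
 * only checks that a user is in the database, it does not care about roles or anything like
 * that so you may need to refine it for your own needs. Also, it only does FORM based logins
 * but can easily be modified for other auth types (e.g. BASIC). Instructions on how to set up
 * FORM based login are in the JRun docs.
 *
 * You will need to put these properties in your local.properties:
 *
 *   authentication.service=JRunLDAPAuth
 *   authentication.JRunLDAPAuth.class=com.barcap.strax.web.JRunLDAPAuth
 *   authentication.JRunLDAPAuth.basedn=o=myorg, # whatever the point in your LDAP database that you want to search.
 *   authentication.JRunLDAPAuth.ldapuri=ldap://myldapserver:389
 *   authentication.JRunLDAPAuth.ldapprovider=com.sun.jndi.ldap.LdapCtxFactory # or whatever you want to use
 *
 * Here is the code (it is unsupported, I can't guarantee to help you with questions, I accept
 * no liability for its use bla bla bla):
 */
import java.security.*;
import java.util.*;
import javax.servlet.http.*;
import javax.naming.*;
import javax.naming.directory.*;
import allaire.jrun.security.*;
import allaire.jrun.util.*;

/**
 * Minimal JRun {@code AuthenticationInterface} backed by an LDAP directory.
 *
 * <p>A user is authenticated by performing an LDAP simple bind as
 * {@code uid=<username>,<basedn>} with the submitted password; the directory itself checks the
 * password, so a bind that succeeds is the whole authentication decision. No attributes are
 * read and no roles are looked up: {@link #isPrincipalInRole} treats every authenticated
 * principal as a member of every role.
 *
 * <p>Caveats for deployers:
 * <ul>
 *   <li>Only {@code FORM} logins are handled; every other {@code authType} is rejected.</li>
 *   <li>With a plain {@code ldap://} provider URL the password is sent to the directory in the
 *       clear. Use {@code ldaps://} (or a provider configured for TLS) on any untrusted
 *       network.</li>
 *   <li>Empty passwords are rejected before any bind is attempted, because an LDAP simple bind
 *       with a DN and no password is an <em>unauthenticated</em> bind (RFC 4513 section 5.1.2)
 *       that many servers accept, which would let anyone in as any existing user.</li>
 *   <li>The username is escaped (RFC 4514) before it is spliced into the bind DN so that
 *       characters such as {@code ,} or {@code \} typed by the user cannot redirect the bind to
 *       another entry.</li>
 * </ul>
 */
public class JRunLDAPAuth implements allaire.jrun.security.AuthenticationInterface {

    /** The only container authentication type this class handles. */
    private static final String FORM_AUTH = "FORM";

    /** Provider URL of the directory, e.g. {@code ldap://host:389} (property {@code ldapuri}). */
    private String ldapURI;
    /** JNDI initial context factory class name (property {@code ldapprovider}). */
    private String ldapProvider;
    /** DN under which user entries live; the bind DN is {@code uid=<user>,<baseDN>} (property {@code basedn}). */
    private String baseDN;

    /**
     * Reads the three required properties from the container's configuration.
     *
     * @param props the {@code authentication.JRunLDAPAuth.*} properties supplied by JRun
     * @throws Exception if {@code ldapuri}, {@code ldapprovider} or {@code basedn} is missing;
     *         the authenticator cannot work without all three, so failing loudly at startup is
     *         preferable to rejecting every login later
     */
    public void init(OrderedProperties props) throws Exception {
        ldapURI = (String) props.get("ldapuri");
        ldapProvider = (String) props.get("ldapprovider");
        baseDN = (String) props.get("basedn");
        if (ldapURI == null || ldapProvider == null || baseDN == null) {
            throw new Exception("Error: Configuration properties required by JRunLDAPAuth were not found.");
        }
    }

    /**
     * Authenticates a FORM login by binding to the directory as the user.
     *
     * @param request  the current request (unused)
     * @param username the submitted user name; becomes the {@code uid} of the bind DN
     * @param authType the container authentication type; only {@code FORM} is accepted
     * @param password the submitted password
     * @return an {@code AuthenticatedPrincipal} for {@code username} when the bind succeeds,
     *         otherwise {@code null} (wrong auth type, empty username/password, bad credentials,
     *         unknown user, or a directory that cannot be reached)
     */
    public Principal authenticate(HttpServletRequest request, String username, String authType, String password) {
        if (!FORM_AUTH.equals(authType)) {
            return null;
        }
        // An empty username cannot name an entry, and an empty password must never reach the
        // directory: a simple bind with a DN and no password is an unauthenticated bind
        // (RFC 4513 section 5.1.2) that many servers accept, so the login would succeed without
        // proving anything.
        if (username == null || username.length() == 0 || password == null || password.length() == 0) {
            return null;
        }

        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, ldapProvider);
        env.put(Context.PROVIDER_URL, ldapURI);
        // Bind as the user straight away instead of binding anonymously first: the directory
        // verifies the password during the bind, so constructing the context *is* the check,
        // and no anonymous access to the directory is required. The username is escaped so
        // that DN metacharacters in it cannot change which entry the bind targets.
        String dn = "uid=" + escapeDnValue(username) + "," + baseDN;
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            return new allaire.jrun.security.AuthenticatedPrincipal(username);
        } catch (AuthenticationException ae) {
            // Wrong password or no such entry: the ordinary "login failed" outcome.
            return null;
        } catch (NamingException ne) {
            // Anything else (unreachable server, bad configuration) also denies the login, but
            // is reported so that an outage is not mistaken for a stream of bad passwords.
            // The stack trace carries the DN, never the password.
            ne.printStackTrace();
            return null;
        } catch (RuntimeException e) {
            e.printStackTrace();
            return null;
        } finally {
            // Release the connection the bind opened; without this every login leaked one.
            if (ctx != null) {
                try {
                    ctx.close();
                } catch (NamingException ignored) {
                    // Nothing to recover: the authentication result has already been decided.
                }
            }
        }
    }

    /**
     * Byte-array variant of {@link #authenticate(HttpServletRequest, String, String, String)}.
     *
     * <p>Decodes the bytes and delegates to the {@code String} overload. (The original
     * implementation called itself with the {@code byte[]} argument, which recursed until
     * {@code StackOverflowError}.)
     *
     * @param password the submitted password bytes; {@code null} is rejected
     * @return see the {@code String} overload
     */
    public Principal authenticate(HttpServletRequest request, String username, String authType, byte[] password) {
        if (password == null) {
            return null;
        }
        String text;
        try {
            // Assumes the container hands the password over as UTF-8 — TODO confirm against the
            // JRun docs for the deployed version.
            text = new String(password, "UTF-8");
        } catch (java.io.UnsupportedEncodingException e) {
            // Every JVM must support UTF-8, so this branch is unreachable in practice.
            return null;
        }
        return authenticate(request, username, authType, text);
    }

    /** Nothing to release: each login opens and closes its own directory context. */
    public void destroy() {
    }

    /**
     * Always {@code true}: this authenticator does not look up roles, so every authenticated
     * user satisfies every role named in a security constraint. Refine this before relying on
     * role-based {@code web.xml} constraints.
     *
     * @param p0 the principal being checked (unused)
     * @param p1 the role name (unused)
     * @return {@code true}
     */
    public boolean isPrincipalInRole(Principal p0, String p1) {
        return true;
    }

    /**
     * Escapes one attribute value for use inside a distinguished name (RFC 4514 section 2.4).
     *
     * <p>Backslash-escapes {@code \ , + " < > ;}, a leading space or {@code #}, and a trailing
     * space; NUL becomes {@code \00}. Without this, a username such as {@code x,ou=admins}
     * would move the bind to a different entry.
     *
     * @param value the raw attribute value
     * @return the value in DN-string form
     */
    private static String escapeDnValue(String value) {
        StringBuffer out = new StringBuffer(value.length() + 8);
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            if (c == '\0') {
                // NUL has no printable escape form; RFC 4514 requires the hex pair.
                out.append("\\00");
            } else if (c == '\\' || c == ',' || c == '+' || c == '"' || c == '<' || c == '>' || c == ';'
                    || (i == 0 && (c == ' ' || c == '#'))
                    || (i == last && c == ' ')) {
                out.append('\\').append(c);
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }
}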
