Yes, this is without setting up a model. On MacOSX I see this jar. I don't really know what other things you may need.

/System/Library/Frameworks/JavaVM.framework/Versions/1.4.2/Home/lib/ext/ldapsec.jar

-arturo

On Feb 9, 2006, at 10:48 PM, Owen McKerrow wrote:

Thanks Arturo.

So this is without setting up an EOModel of the active directory right ? What extra classes will I need to import ? Do I need to get any extra libraries/frameworks ?

Owen

On 10/02/2006, at 2:43 PM, Arturo Pérez wrote:

There's a piece of code Chuck Hill posted a while back that's exactly this. Here it is (I just needed it yesterday for something else):

=======  From Jan 2004
        From:     [EMAIL PROTECTED]
        Subject:        Re: LDAP / Open Directory authentication?
        Date:   January 4, 2004 1:59:02 PM EST
        To:       [EMAIL PROTECTED], [EMAIL PROTECTED]

Hi Jesse,

It depends on what you mean by "check and see whether a given
username/password is valid in an Open Directory server". The proper way to
do this is by attempting to bind to the LDAP server using the user ID and
user supplied password.  If the bind works then this authenticates the
user.  Like this (on User):

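// Imports needed at the top of the class file:
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import com.webobjects.foundation.NSForwardException;

// ldapEnvironment(), userID() and BASE_DN are defined elsewhere on User (not shown).
public boolean canAuthenticateWithPassword(String password) {
    boolean canAuthenticateWithPassword = false;

    // With an empty password JNDI performs an anonymous bind instead of a
    // simple bind, and that usually succeeds, so reject it up front.
    if (password == null || password.length() == 0) {
        return false;
    }

    Hashtable ldapEnvironment = ldapEnvironment();
    ldapEnvironment.put(Context.SECURITY_PRINCIPAL, "userid=" + userID() + BASE_DN);
    ldapEnvironment.put(Context.SECURITY_CREDENTIALS, password);

    try {
        // Creating the context performs the bind with the user's credentials.
        DirContext ctx = new InitialDirContext(ldapEnvironment);
        canAuthenticateWithPassword = true;
        ctx.close();
    }
    catch (javax.naming.AuthenticationException authException) {
        // Nothing to do, they fail.
    }
    catch (NamingException e) {
        if (e.getRootCause() instanceof java.net.ConnectException) {
            throw new NSForwardException(e, "Failed to contact LDAP server.");
        }
        else {
            throw new NSForwardException(e);
        }
    }
    return canAuthenticateWithPassword;
}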


Be careful with this: the password is sent plain text.  Encrypting the
password with the SSL and SASL support in JDK 1.3 is a little sketchy.
Support is much, much better in JDK 1.4 but you will need to update to WO
5.2.2 for this.  The Start TLS addition makes secure binding trivial.

The improper (yet fairly common) way to do this is to query (using a fetch spec) the server for records matching a given user ID and password. If a record is returned then you have authenticated the user. This can be done from WO using the JavaJNDIAdaptor and the LDAPPlugin. See the package docs for com.webobjects.jndiadaptor. This is also insecure. You need to create a sub-class of the LDAPPlugin to secure the communications. Again, this is
much, much easier with JDK 1.4.


HTH
Chuck



At 01:52 AM 04/01/2004 -0500, Jesse Barnum wrote:
I need my WebObjects application to check and see whether a given
username/password is valid in an Open Directory server. There is a very
tantalizing link in Apple's documentation:

http://developer.apple.com/documentation/LegacyTechnologies/WebObjects/WebObjects_4.5/System/Documentation/Developer/WebObjects/DeltaDoc/EOF.html#CJADAEAG

It basically gives a really short & simple way to do exactly what I
want, using a method called authenticateUser(). However, this code
sample is for WebObjects 4.5 (I'm using 5.2.1), and the class that this
is being called in is the LDAPAdaptor, which I can't find anywhere in
Apple's frameworks. Is there a simple way to do this in WO 5?

--Jesse Barnum, CEO, 360Works
http://www.360works.com (770) 234-9293
Try WooF, the only solution for linking WebObjects and FileMaker!

_______________________________________________
WebObjects-dev mailing list
[EMAIL PROTECTED]
http://www.omnigroup.com/mailman/listinfo/webobjects-dev


--

Chuck Hill                                 [EMAIL PROTECTED]
Global Village Consulting Inc. http://www.global-village.net



========
-arturo

On Feb 9, 2006, at 10:31 PM, Owen McKerrow wrote:

Hi All,

A client has asked if we can connect to an Active Directory service to do our authentication. All we need to do is a "Is this username/password combination correct ?" yes or no. We don't need to create accounts in it or any other fun stuff, just the initial authentication.

We have been looking over the net for some sample code and found a couple of places :

http://forum.java.sun.com/thread.jspa?forumID=51&threadID=294498

http://forum.java.sun.com/thread.jspa?forumID=51&threadID=568314

http://forum.java.sun.com/thread.jspa?forumID=51&threadID=640518

http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300

I was just wondering if anyone on the list has had an experience with this, particularly from inside a WO app, and if so if they would be willing to provide some code samples or even suggestions as to the best approach.


Thanks
Owen McKerrow
WebMaster, emlab
http://emlab.uow.edu.au

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

"I like the way this project has somehow, against all common sense, got itself made."
    - Peter Jackson,  "The Lord of The Rings"


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      ([email protected])
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/ arturo%40ethicist.net

This email sent to [EMAIL PROTECTED]



Owen McKerrow
WebMaster, emlab
http://emlab.uow.edu.au

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

"As of tomorrow, employees will only be able to access the building using individual security cards. Pictures will be taken next Wednesday employees will receive their cards in two weeks."
- "Dilbert Quotes" Winner, Fred Dales, Microsoft Corp



