
Java Active Directory authentication

Authenticate users who are members of a specific Active Directory group, using the Java naming library (JNDI).

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%@ page import="java.util.*" %>
<%@ page import="javax.naming.*"%>
<%@ page import="javax.naming.directory.*"%>
<%@ page import="javax.naming.ldap.*"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "">
<head><title>AD Authentication</title></head>

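// JSP scriptlet body: `request` and `out` are the JSP implicit objects.
// Flow: bind to the directory as the submitted user (this is the password
// check), then look the user up and test the memberOf attribute for one group.
String uname = request.getParameter("username");
String passwd = request.getParameter("password");
String ATTRIBUTE_FOR_USER = "sAMAccountName";
String returnedAtts[] = { "sn", "givenName", "memberOf", "mail" };
String requiredGroup = "/** AD group, eg: CN=grusers, OU=ougroups, DC=blogger, DC=com */";

// A simple bind with an empty password is an *unauthenticated* bind: the
// directory can accept it without checking any credential, so the context
// below would be created for any username. Reject it before contacting LDAP.
if (uname == null || uname.isEmpty() || passwd == null || passwd.isEmpty()) {
    out.println("Just reporting error");
} else {
    // Escape the user-supplied name for use inside a search filter (RFC 4515).
    // Without this, characters such as '*', '(' and ')' change the filter
    // itself instead of being matched as part of the account name.
    StringBuilder safeName = new StringBuilder();
    for (int i = 0; i < uname.length(); i++) {
        char c = uname.charAt(i);
        switch (c) {
            case '\\': safeName.append("\\5c"); break;
            case '*':  safeName.append("\\2a"); break;
            case '(':  safeName.append("\\28"); break;
            case ')':  safeName.append("\\29"); break;
            case '\0': safeName.append("\\00"); break;
            default:   safeName.append(c);
        }
    }
    String searchFilter = "(&(objectClass=user)(" + ATTRIBUTE_FOR_USER + "=" + safeName + "))";

    SearchControls searchCtls = new SearchControls();
    // Ask only for the attributes declared above; memberOf is the one used below.
    searchCtls.setReturningAttributes(returnedAtts);
    // NOTE(review): no scope is set, so the SearchControls default (one level
    // below searchBase) applies. Use SearchControls.SUBTREE_SCOPE if accounts
    // live in nested OUs - confirm against the directory layout.

    String searchBase = "/** AD search base, eg: OU=ougroups, DC=blogger, DC=com */";
    Hashtable<String, String> environment = new Hashtable<String, String>();
    environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

    // Simple authentication sends the password as-is to the server, so the
    // provider URL should be an ldaps:// endpoint (or the connection otherwise
    // protected by TLS) rather than plain ldap://.
    environment.put(Context.PROVIDER_URL, "/** ldap server and port, eg: ldap:// */");
    environment.put(Context.SECURITY_AUTHENTICATION, "simple");

    // NOTE(review): the raw username is joined with the domain suffix to form
    // the bind principal; consider restricting it to the characters your
    // account names actually use before this point.
    environment.put(Context.SECURITY_PRINCIPAL, uname + "/** domain name, eg: */");
    environment.put(Context.SECURITY_CREDENTIALS, passwd);
    LdapContext ctxGC = null;

    try {
        // Creating the context performs the bind; wrong credentials surface as
        // a NamingException and end up in the catch block.
        ctxGC = new InitialLdapContext(environment, null);

        // LdapName compares distinguished names component by component and
        // case-insensitively, which is stricter than a substring test on the
        // printed attribute and tolerant of spacing after the commas.
        LdapName requiredDn = new LdapName(requiredGroup);

        NamingEnumeration<SearchResult> answer = ctxGC.search(searchBase, searchFilter, searchCtls);
        if (answer.hasMoreElements()) {
            while (answer.hasMoreElements()) {
                SearchResult sr = (SearchResult) answer.next();
                Attributes attrs = sr.getAttributes();
                if (attrs != null) {
                    // memberOf is absent for accounts with no direct group
                    // membership; it also omits the primary group and groups
                    // reached only through nesting.
                    Attribute memberOf = attrs.get("memberOf");
                    boolean inGroup = false;
                    if (memberOf != null) {
                        String s = memberOf.toString();
                        // Directory data is written into an HTML page, so
                        // neutralise markup characters before printing it.
                        out.println("Member Of = " + s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;"));
                        NamingEnumeration<?> groups = memberOf.getAll();
                        while (groups.hasMore()) {
                            if (requiredDn.equals(new LdapName(String.valueOf(groups.next())))) {
                                inGroup = true;
                            }
                        }
                    }
                    if (inGroup) {
                        out.println("OK user is member of the group");
                    } else {
                        out.println("No user is not member of the group");
                    }
                } else {
                    out.println("User has no attributes");
                }
            }
        } else {
            out.println("Search retrieve nothing");
        }
    } catch (NamingException e) {
        // Deliberately generic: the page does not reveal whether the account
        // exists, the password was wrong, or the directory was unreachable.
        out.println("Just reporting error");
    } finally {
        // Release the LDAP connection whether or not the lookup succeeded.
        if (ctxGC != null) {
            try {
                ctxGC.close();
            } catch (NamingException ignored) {
                // Nothing useful can be done if closing fails.
            }
        }
    }
}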

