
Java Active Directory authentication

Authenticate a user against Active Directory with the Java Naming (JNDI) LDAP provider and check that the account is a member of a specific group.

<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%@ page import="java.util.*" %>
<%@ page import="javax.naming.*"%>
<%@ page import="javax.naming.ldap.*"%>
<%@ page import="javax.naming.directory.*"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head><title>AD Authentication</title></head>
<body>
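<%!
    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3).
     * Backslash, asterisk, parentheses and NUL are turned into \xx hex escapes so
     * that request input cannot change the structure of the filter.
     *
     * @param value raw attribute value, never null
     * @return the value with filter metacharacters escaped
     */
    private static String escapeLdapFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
%>
<%
request.setCharacterEncoding("utf-8");

// Credentials arrive as request parameters. Note that the servlet API hands the
// password back as a String, so it cannot be zeroed after use.
String uname = request.getParameter("username");
String passwd = request.getParameter("password");

// Reject missing, blank or unexpected input before touching the directory:
//  - an LDAP simple bind with an empty password is an *unauthenticated* bind
//    (RFC 4513 section 5.1.2) that AD accepts without verifying anything, so an
//    empty password must never reach the bind;
//  - the username is spliced into both the bind principal (user@domain) and the
//    search filter, so restrict it to an allow-list. Widen the character class
//    if your sAMAccountName values legitimately use other characters.
boolean inputOk = uname != null && passwd != null && !passwd.isEmpty()
        && uname.matches("[A-Za-z0-9._-]{1,64}");

if (!inputOk) {
    out.println("Authentication failed");
} else {
    String ATTRIBUTE_FOR_USER = "sAMAccountName";
    String[] returnedAtts = { "sn", "givenName", "memberOf", "mail" };
    // uname is allow-listed above; escaping here is defense in depth against
    // LDAP filter injection if the allow-list is ever relaxed.
    String searchFilter = "(&(objectClass=user)(" + ATTRIBUTE_FOR_USER + "="
            + escapeLdapFilterValue(uname) + "))";
    String searchBase = "/** AD search base, eg: OU=ougroups, DC=blogger, DC=com */";
    // Full DN of the group the user must belong to; compared as a DN, not as a
    // substring, so CN=grusers does not also match CN=grusers2.
    String requiredGroupDnText = "/** AD group, eg: CN=grusers, OU=ougroups, DC=blogger, DC=com */";

    SearchControls searchCtls = new SearchControls();
    searchCtls.setReturningAttributes(returnedAtts);
    searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);

    Hashtable<String, String> environment = new Hashtable<String, String>();
    environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    // Simple bind sends the password in clear text, so the transport must be
    // protected: use ldaps:// (or negotiate StartTLS before binding). Plain
    // ldap://host:389 exposes every user's password to the network.
    environment.put(Context.PROVIDER_URL, "/** ldap server and port, eg: ldaps://7.7.7.7:636 */");
    environment.put(Context.SECURITY_AUTHENTICATION, "simple");
    // The bind itself is the credential check: AD rejects the bind if the
    // password is wrong, and InitialLdapContext then throws.
    environment.put(Context.SECURITY_PRINCIPAL, uname + "/** domain name, eg: @blogger.com */");
    environment.put(Context.SECURITY_CREDENTIALS, passwd);

    LdapContext ctxGC = null;
    NamingEnumeration<SearchResult> answer = null;
    try {
        LdapName requiredGroupDn = new LdapName(requiredGroupDnText);

        ctxGC = new InitialLdapContext(environment, null);
        answer = ctxGC.search(searchBase, searchFilter, searchCtls);

        // Same message as a bad password: do not let callers distinguish
        // "unknown user" from "wrong password".
        if (!answer.hasMore()) {
            out.println("Authentication failed");
        }

        while (answer.hasMore()) {
            SearchResult sr = answer.next();
            Attributes attrs = sr.getAttributes();
            if (attrs == null) {
                out.println("User has no attributes");
                continue;
            }

            // memberOf may be absent entirely when the account is in no group
            // other than its primary group; treat that as "not a member".
            // NOTE(review): memberOf lists direct memberships only; nested
            // group membership is not resolved here.
            Attribute memberOf = attrs.get("memberOf");
            boolean inGroup = false;
            if (memberOf != null) {
                NamingEnumeration<?> groups = memberOf.getAll();
                try {
                    while (groups.hasMore()) {
                        String groupDnText = String.valueOf(groups.next());
                        out.println("Member Of = " + groupDnText);
                        // LdapName.equals compares RDN by RDN, ignoring case of
                        // attribute types and insignificant whitespace.
                        if (requiredGroupDn.equals(new LdapName(groupDnText))) {
                            inGroup = true;
                        }
                    }
                } finally {
                    groups.close();
                }
            }

            if (inGroup) {
                out.println("OK user is member of the group");
            } else {
                out.println("No user is not member of the group");
            }
        }
    } catch (AuthenticationException e) {
        // Wrong username/password (or a disabled/locked account): generic
        // message to the client, nothing about the account is revealed.
        out.println("Authentication failed");
    } catch (NamingException e) {
        // Directory unreachable, bad search base, invalid group DN, etc.
        // Log server-side with the cause; never echo directory errors to the browser.
        application.log("AD authentication error", e);
        out.println("Authentication failed");
    } finally {
        // Always release the LDAP connection and the search cursor.
        if (answer != null) {
            try { answer.close(); } catch (NamingException ignored) { /* best effort */ }
        }
        if (ctxGC != null) {
            try { ctxGC.close(); } catch (NamingException ignored) { /* best effort */ }
        }
    }
}
%>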
</body>
</html>
