ActiveDirectory authentication
Hello all, I have a webapp which is currently using LDAP for authenticating our users.
At the moment I am using a LdapAuthenticationProvider along with ldap.authenticator.BindAuthenticator (and a user string, as I can log in anonymously).
I need to move to ActiveDirectory authentication very soon...
The problem I have is that I can't bind anonymously to AD, so I will need to log in.
That would be enough for me, as the only reason I use AD is to authenticate users (roles are stored somewhere else).
I have a few issues here:
I have tried to implement my own BindAuthenticator, which creates a DirContext with userCredentials, this way:
Code:
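import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
// Authentication comes from Spring Security (its package depends on the version in use).

// Method of the custom authenticator class; userPrefix and url are fields of that class.
@Override
public DirContextOperations authenticate(Authentication authentication) {
    try {
        String principal = userPrefix + authentication.getPrincipal();
        String password = (String) authentication.getCredentials();
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // Binding as the user: a new DirContext is created for every authentication.
        DirContext context = new InitialDirContext(env);
        DirContextOperations authAdapter = new DirContextAdapter();
        // The open context is handed back inside the adapter; nothing here closes it.
        authAdapter.addAttributeValue("ldapContext", context);
        return authAdapter;
    } catch (Exception e) {
        throw new IllegalArgumentException(e);
    }
}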
The problem I have with the code above (being new to LDAP as well) is that for every authentication I need to create a DirContext.
Will I then run out of connections in LDAP?
Ideally, when a user logs off, I should 'close' the connection to LDAP, is that correct?
But where do I do that if I use my custom LdapAuthenticator? At the end of the DirContext creation?
w/kindest regards
marco
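The bind-then-close pattern the question asks about, as an added example that is not part of the original post: the bind itself is the credential check, so the context can be closed in a `finally` block right after it instead of being kept until logoff. The class name, the `ldaps://ad.example.test:636` URL and the `EXAMPLE\` prefix are placeholders; the empty-password guard is there because JNDI treats a simple bind with an empty password as an unauthenticated bind.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Added example (hypothetical class, not the poster's code): authenticate by
// binding as the user, then release the connection at once.
public class AdBindCheck {

    /** Returns true only if the directory accepted the user's own credentials. */
    public static boolean authenticate(String url, String principal, String password)
            throws NamingException {
        // With an empty password JNDI falls back to authentication "none", so the
        // bind can succeed without proving anything. Refuse it before connecting.
        if (principal == null || principal.isEmpty()
                || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // ldaps:// keeps the password off the wire in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext context = null;
        try {
            context = new InitialDirContext(env); // the bind happens here
            return true;
        } catch (AuthenticationException e) {
            return false; // directory rejected the username or password
        } finally {
            if (context != null) {
                context.close(); // one short-lived connection per login attempt
            }
        }
    }

    public static void main(String[] args) throws NamingException {
        String url = "ldaps://ad.example.test:636"; // placeholder host
        String principal = "EXAMPLE\\" + "marco";   // placeholder userPrefix + username
        // Constructed input: an empty password is rejected without any network call.
        System.out.println(authenticate(url, principal, ""));
    }
}
```

Other `NamingException` subtypes (server unreachable, TLS failure) are left to propagate so that an outage is not reported to the caller as a wrong password.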