
Re: Sample java code for User authentication using SSHA hasing



Thanks Craig,

Cool, it worked: I have set the full DN as the SECURITY_PRINCIPAL value.


My working code looks like this.


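// Authenticate a user by binding to the directory as that user: the server
// checks the supplied password against the stored hash (SSHA or any other
// scheme), so the client never reads or compares userPassword itself.

// Sample values; in an application these come from the login request and the
// password must never be logged or echoed.
String userName = "sundaram";
String passWord = "abc";
String base = "ou=People,dc=example,dc=com";

// userName becomes part of a DN, so escape DN special characters to keep a
// crafted name from changing which entry the bind is made against.
String dn = "uid=" + javax.naming.ldap.Rdn.escapeValue(userName) + "," + base;

// Set up environment for creating initial context
Hashtable<String, String> authEnv = new Hashtable<String, String>(11);
authEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
// NOTE(review): a simple bind over plain ldap:// sends the DN and password
// unencrypted; outside a test setup use ldaps:// or StartTLS.
authEnv.put(Context.PROVIDER_URL, "ldap://ldap.example.com:389");
authEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
authEnv.put(Context.SECURITY_PRINCIPAL, dn);
authEnv.put(Context.SECURITY_CREDENTIALS, passWord);

if (userName == null || userName.length() == 0
        || passWord == null || passWord.length() == 0) {
    // A simple bind with a DN but an empty password is an "unauthenticated
    // bind" (RFC 4513); some servers answer it with success, so it must never
    // be sent to the directory as a login attempt.
    System.out.println("Authentication failed!");
} else {
    DirContext authContext = null;
    try {
        // Creating the context performs the bind; reaching the next line
        // means the directory accepted the DN/password pair.
        authContext = new InitialDirContext(authEnv);
        System.out.println("Authentication Success!");
    } catch (AuthenticationException authEx) {
        // Wrong password or unknown DN: report one generic failure so the
        // caller cannot tell which of the two it was.
        System.out.println("Authentication failed!");
    } catch (NamingException namEx) {
        // Anything else (server unreachable, malformed DN, ...) is an error,
        // not a rejected login.
        System.out.println("Something went wrong!");
        namEx.printStackTrace();
    } finally {
        // Release the connection held by the context; the original never closed it.
        if (authContext != null) {
            try {
                authContext.close();
            } catch (NamingException ignored) {
                // Nothing useful can be done if closing fails.
            }
        }
    }
}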

Thanks
Sundaram
----------------------------
----- Original Message ----- 
From: "Craig Dunigan" <cdunigan@doit.wisc.edu>
To: "Sundaram Ramasamy" <sun@percipia.com>
Cc: "openldap-software" <openldap-software@OpenLDAP.org>
Sent: Monday, October 06, 2003 11:16 AM
Subject: Re: Sample java code for User authentication using SSHA hasing


> You don't have to worry about hashing at all.  Any LDAP authentication
> routine typically contains *two* binds, not just one.  The first bind
> should be as a service account (probably better not to use the directory
> Manager account) which does the search for the user's DN.  Something like
> this:
>
> String userName = "sundaram";
> String passWord = "mysecret";
> String base = "ou=People,dc=example,dc=com";
> Hashtable srchEnv = new Hashtable(11);
>
srchEnv.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactor
y");
> srchEnv.put(Context.PROVIDER_URL, "ldap://ldap.example.com:389";);
> srchEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
> srchEnv.put(Context.SECURITY_PRINCIPAL, "cn=Manager,dc=example,dc=com");
> srchEnv.put(Context.SECURITY_CREDENTIALS, "secret");
> String[] returnAttribute = {"dn"};
> SearchControls srchControls = new SearchControls();
> srchControls.setReturningAttributes(returnAttribute);
> srchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
> String searchFilter = "(cn=" + userName + ")";
> try {
>     DirContext srchContext = new InitialDirContext(srchEnv);
>     NamingEnumeration srchResponse = srchContext..search(base,
searchFilter, srchControls);
>     // Probably want to test for nulls here
>     String distName = srchResponse.nextElement().toString();
> } catch (NamingException namEx) {
>     namEx.PrintStackTrace();
> }
> System.out.println("DN : " + distName.toString());
>
> The second bind actually binds as the user with the password given, so you
> don't need to compare anything.  The directory simply returns
> authentication success or failure (the latter throws an
> AuthenticationException).  Something like this:
>
> Hashtable env = new Hashtable(11);
>
authEnv.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactor
y");
> authEnv.put(Context.PROVIDER_URL, "ldap://ldap.example.com:389";);
> authEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
> authEnv.put(Context.SECURITY_PRINCIPAL, userName);
> authEnv.put(Context.SECURITY_CREDENTIALS, passWord);
> try {
>     DirContext authContext = new InitialDirContext(authEnv);
> } catch (AuthenticationException authEx) {
>     System.out.println("Authentication failed!");
> } catch (NamingException namEx) {
>     System.out.println("Something went wrong!");
>     namEx.PrintStackTrace();
> }
>
> No searching or anything else required in the second bind, since binding
> is all you want to do.
>
> Hope this helps!
>
> Craig
>
> On Mon, 6 Oct 2003, Sundaram Ramasamy wrote:
>
> > Hi all.
> >
> > I want to use LDAP authentication for my web application, using the SSHA-hashed
> > passwords stored in the LDAP database. I would like sample Java code for this.
> >
> > Using the following code, I was able to get the password, but I don't know how to
> > create an SSHA hash of a password and compare it with the existing password.
> >
> >
> > Can some one help me on this?
> >
> > Thanks
> > SR
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > import javax.naming.*;
> >
> > import javax.naming.directory.*;
> >
> > import java.util.Hashtable;
> >
> >  public class LdapAuth {
> >
> > public static void main(String[] args) {
> >
> > // Set up environment for creating initial context
> >
> > Hashtable env = new Hashtable(11);
> >
> > env.put(
> >
> > Context.INITIAL_CONTEXT_FACTORY,
> >
> > "com.sun.jndi.ldap.LdapCtxFactory");
> >
> > env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:389";);
> >
> > // Authenticate as S. User and password "mysecret"
> >
> > env.put(Context.SECURITY_AUTHENTICATION, "simple");
> >
> > env.put(Context.SECURITY_PRINCIPAL, "cn=Manager,dc=example,dc=com");
> >
> > env.put(Context.SECURITY_CREDENTIALS, "secret");
> >
> > /*
> >
> > env.put(Context.SECURITY_PRINCIPAL,
> >
> > "cn=sundaram,ou=People,dc=example,dc=com");
> >
> > env.put(Context.SECURITY_CREDENTIALS, "abc123");
> >
> > */
> >
> > try {
> >
> > // Create initial context
> >
> > DirContext ctx = new InitialDirContext(env);
> >
> > // Perform the search
> >
> > NamingEnumeration n1 =
> >
> > ctx.search("ou=People,dc=example,dc=com", "(cn=su*)", null);
> >
> > System.out.println("CN : " + n1.toString());
> >
> > if (n1 == null) {
> >
> > System.out.println("No item in the name list");
> >
> > } else {
> >
> > while (n1.hasMore()) {
> >
> > //Object item = n1.next();
> >
> > SearchResult item= (SearchResult) n1.next();
> >
> > System.out.println("si :" + item.getName() );
> >
> > String temp = item.getAttributes().toString();
> >
> >
> > System.out.println("att" +temp);
> >
> > int s = temp.indexOf( "=userPassword:");
> >
> > int e = temp.indexOf( "scriptpath" );
> >
> > System.out.println( s + ":"+ e);
> >
> >
> > String pass= temp.substring( s +14, e);
> >
> >
> > System.out.println("pass :" + pass);
> >
> > System.out.println(
> >
> > "Item class is " + item.getClass().getName());
> >
> > System.out.println(item);
> >
> > }
> >
> > }
> >
> > // Close the context when we're done
> >
> > ctx.close();
> >
> > } catch (NamingException e) {
> >
> > e.printStackTrace();
> >
> > }
> >
> > }
> >
> > }
> >
>
>