Wednesday, 25 May 2016

JNDI: Simple Authenticating using LDAP

We can supply the authentication information through the JNDI environment properties (the Hashtable passed to the initial context). JNDI provides the following properties for specifying authentication information.

Property: Context.SECURITY_AUTHENTICATION
Description: Specifies the authentication mechanism to use. LDAP v3 supports three kinds of authentication mechanisms: anonymous, simple, and SASL. The value can be one of the following strings: "none", "simple", or sasl_mech, where sasl_mech is a space-separated list of SASL mechanism names.

Property: Context.SECURITY_PRINCIPAL
Description: Specifies the name of the user/program doing the authentication. Its format depends on the value of the Context.SECURITY_AUTHENTICATION property.

Property: Context.SECURITY_CREDENTIALS
Description: Specifies the credentials of the user/program doing the authentication. Its format depends on the value of the Context.SECURITY_AUTHENTICATION property.

First let me add the userPassword attribute to the user “Krishna”.

Select the user “Krishna”, then Right click -> New Attribute.

Set the attribute type to “userPassword” and press Finish.



It opens the Password Editor and prompts for Password and Confirm Password. You can hash the password by choosing any algorithm available in the "Select Hash Method" dropdown. I am using the SHA-256 algorithm.



I gave "password123" as the password for the person Krishna. The following program performs a simple bind as Krishna with that password.

import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class Test {
 private static final String CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
 private static final String PROVIDER_URL = "ldap://localhost:10389";
 private static final String SECURITY_AUTHENTICATION = "simple";

 public static void main(String[] args) throws NamingException {
  Hashtable<String, String> env = new Hashtable<String, String>(11);

  // Which provider to use and where the directory server listens
  env.put(Context.INITIAL_CONTEXT_FACTORY, CONTEXT_FACTORY);
  env.put(Context.PROVIDER_URL, PROVIDER_URL);
  // Simple authentication: the bind DN and its password
  env.put(Context.SECURITY_AUTHENTICATION, SECURITY_AUTHENTICATION);
  env.put(Context.SECURITY_PRINCIPAL,
    "cn=Krishna,ou=people,dc=example,dc=com");
  env.put(Context.SECURITY_CREDENTIALS, "password123");

  try {
   // Creating the initial context performs the LDAP bind
   DirContext ctx = new InitialDirContext(env);
   System.out.println("Authentication Successful");
   ctx.close();
  } catch (NamingException e) {
   // A failed bind (e.g. wrong password) surfaces as a NamingException
   System.out.println("Authentication Failed");
   e.printStackTrace();
  }

 }
}

Output
Authentication Successful


Now change the following statement
env.put(Context.SECURITY_CREDENTIALS, "password123");

to (I changed it to a wrong password)
env.put(Context.SECURITY_CREDENTIALS, "abcd");

Re-run Test.java; you will get the following kind of output.
Authentication Failed
javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user cn=Krishna,ou=people,dc=example,dc=com]
 at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
 at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
 at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
 at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
 at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
 at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
 at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
 at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
 at javax.naming.InitialContext.init(InitialContext.java:244)
 at javax.naming.InitialContext.<init>(InitialContext.java:216)
 at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
 at jndi_tutorial.Test.main(Test.java:26)
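The program above prints the stack trace and catches every NamingException the same way. As an added example (my own code, not part of the original post), the class below wraps the same simple bind in a method that returns a distinct result for a wrong password (javax.naming.AuthenticationException, which is what LDAP error code 49 maps to), for an unreachable server, and for any other failure. It also refuses an empty password before contacting the server, because an LDAP simple bind with a DN and an empty password is an "unauthenticated" bind that many servers accept without checking anything, and it connects over LDAPS so the password is not sent in clear text. The LDAPS URL ldaps://localhost:10636 and the enum and method names are assumptions for this example; the bind DN is the one used in the post.

```java
import java.util.Arrays;
import java.util.Hashtable;

import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapSimpleBind {

    /** Outcome of a bind attempt, so callers never have to parse exception text. */
    public enum Result { SUCCESS, INVALID_CREDENTIALS, SERVER_UNREACHABLE, OTHER_ERROR }

    private static final String CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    // Assumed URL: an LDAPS listener on the local test server. The post used
    // plain ldap://localhost:10389; a simple bind on such a connection sends the
    // password in clear text, so TLS is used here instead.
    private static final String PROVIDER_URL = "ldaps://localhost:10636";

    public static Result authenticate(String userDn, char[] password) {
        // Reject an empty DN or password before talking to the server: a bind with
        // a DN and an empty password is an LDAP "unauthenticated" bind, which many
        // servers accept without verifying any credential.
        if (userDn == null || userDn.isEmpty() || password == null || password.length == 0) {
            return Result.INVALID_CREDENTIALS;
        }

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, CONTEXT_FACTORY);
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        env.put(Context.SECURITY_PROTOCOL, "ssl");          // LDAP over TLS
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);     // char[] is accepted for simple auth

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);   // the bind happens here
            return Result.SUCCESS;
        } catch (AuthenticationException e) {
            // LDAP result code 49 (invalidCredentials) arrives as this subclass
            return Result.INVALID_CREDENTIALS;
        } catch (CommunicationException e) {
            // Could not reach the server or TLS handshake failed
            return Result.SERVER_UNREACHABLE;
        } catch (NamingException e) {
            return Result.OTHER_ERROR;
        } finally {
            Arrays.fill(password, '\0');        // do not keep the secret in memory
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: the DN from the post and its password
        Result r = authenticate("cn=Krishna,ou=people,dc=example,dc=com",
                                "password123".toCharArray());
        System.out.println("Bind result: " + r);
        // Empty password is refused locally, without a network round trip
        System.out.println("Empty password: " +
                authenticate("cn=Krishna,ou=people,dc=example,dc=com", new char[0]));
    }
}
```

Returning a result value rather than a stack trace lets the caller log a failed login without writing the supplied password or the server's error text into application logs, and keeps a connectivity problem from being reported to the user as a bad password.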
