  1. #1
    sirair is offline Member

    Default Task to implement ldap authentication

    Hello,

    I have to implement LDAP authentication.
    But I don't know whether to do it using a ServletFilter or JAAS. It should be a Java EE application.
    When should I use a ServletFilter and when JAAS in the case of LDAP?
    Last edited by sirair; 02-18-2014 at 09:40 AM.

  2. #2
    gimbal2 is offline Just a guy

    Default Re: Task to implement ldap authentication

    Good question. What do you think?
    "Syntactic sugar causes cancer of the semicolon." -- Alan Perlis

  3. #3
    sirair is offline Member

    Default Re: Task to implement ldap authentication

    :) I think it will be easy to use JAAS, because of the ready-made LoginModules like LDAPLoginModule.
    Using a ServletFilter means using a third-party library for LDAP binding.
    But I think JAAS is mostly used when there are rights and roles and not only authentication.
    But an implementation in a ServletFilter will be more easily portable than one in JAAS. JAAS is limited in its war file.
    Are there other technical aspects which I have to consider in the context of LDAP or in the context of JAAS or ServletFilter?
    Last edited by sirair; 02-18-2014 at 11:47 AM.

  4. #4
    gimbal2 is offline Just a guy

    Default Re: Task to implement ldap authentication

    You are right to go for JAAS since that is simply a standardized way to do it, integrated into any product worth mentioning; the limitations you vaguely refer to do not exist. Applying a servlet filter is more of an old-fashioned hack; it works, but why hack when you can use well-documented standards? People using a filter today simply do not want to make the effort to learn how to do it properly, in my opinion.

    A side note though: it may well be that you need to apply both techniques depending on whatever security demands you will have. Your system architecture designs should give an idea what to implement where.
    "Syntactic sugar causes cancer of the semicolon." -- Alan Perlis
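
    An added example, not part of any post in this thread: a standalone JAAS login against LDAP using the JDK's bundled com.sun.security.auth.module.LdapLoginModule. The host ldap.example.com, the DN layout, the username pattern and the entry name LdapAuth are placeholders chosen for illustration; inside a Java EE container the equivalent settings normally live in the container's own security configuration.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

// Added example: JAAS login against LDAP with the JDK's LdapLoginModule.
// ldap.example.com and ou=people,dc=example,dc=com are placeholders.
public class LdapJaasLogin {

    // Programmatic equivalent of a jaas.conf entry, so the example is one file.
    static Configuration ldapConfig() {
        Map<String, String> opts = Map.of(
            // ldaps:// with useSSL=true keeps the simple bind off the wire in clear text
            "userProvider", "ldaps://ldap.example.com:636/ou=people,dc=example,dc=com",
            "authIdentity", "uid={USERNAME},ou=people,dc=example,dc=com",
            "useSSL", "true");
        AppConfigurationEntry entry = new AppConfigurationEntry(
            "com.sun.security.auth.module.LdapLoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        return new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    static Subject login(String user, char[] password) throws LoginException {
        // An empty password can turn a simple bind into an unauthenticated bind
        // that some directories accept, and the username is substituted into a
        // DN template, so both are checked before any bind is attempted.
        if (user == null || password == null || password.length == 0
                || !user.matches("[A-Za-z0-9._-]{1,64}")) {
            throw new FailedLoginException("rejected before bind");
        }
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        LoginContext ctx = new LoginContext("LdapAuth", null, handler, ldapConfig());
        ctx.login();              // throws LoginException on bad credentials
        return ctx.getSubject();  // holds the LDAP and user principals on success
    }

    public static void main(String[] args) throws Exception {
        Subject s = login(args[0], System.console().readPassword("Password: "));
        System.out.println("Authenticated principals: " + s.getPrincipals());
    }
}
```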

  5. #5
    sirair is offline Member

    Default Re: Task to implement ldap authentication

    OK, thanks. Could you please mention, with an example, what security demands you mean?
    Does JAAS have any technical limitations?

  6. #6
    gimbal2 is offline Just a guy

    Default Re: Task to implement ldap authentication

    That would be a discussion too technical to go into at this point; you first have some studying to do and then you can probably come up with some ideas yourself. Off the top of my head I would not be able to name specific examples which would be logical to put into words without having to turn it into a huge problem description to put it into context.

    > Does JAAS have any technical limitations?
    I suggest you go research that.

    EDIT:

    I have to confess something though; the system I maintain at work applies LDAP authentication through Kerberos on a JBoss AS container... in a filter. I had to confess that because I was feeling a bit of shame. That filter does a whole lot more than only authentication though. And at this point my earlier comment of huge problem description bla bla bla comes into play.
    Last edited by gimbal2; 02-18-2014 at 01:18 PM.
    "Syntactic sugar causes cancer of the semicolon." -- Alan Perlis

  7. #7
    sirair is offline Member

    Default Re: Task to implement ldap authentication

    After some research I have some questions for these scenarios:

    1. Scenario: The system should allow the user to change the password after the user has logged in.
    2. Scenario: The login credentials (username, password) should be stored locally in a text file.

    I think for the listed scenarios it is not absolutely meaningful to use JAAS.
    With JAAS it is generally possible to implement scenario 1. But when we imagine that the role to change the password has to be changed dynamically by the system administrator, JAAS is not practical because the role cannot be changed dynamically, as I understand it.

    For the second scenario, it is not possible to add/remove a username and password directly in the text file after the deployment.

    Is it correct?
