How to login using Active Directory or LDAP
From WebRatio WebML Wiki
Introduction
In an application developed with WebRatio, the login mechanism can be integrated with LDAP or Active Directory. To do this, you need external libraries that let you customize the classic WebRatio login mechanism so that the Directory Service is consulted before the user logs in.
The library used in this example is Waffle (Windows Authentication Framework).
Set Up Application Server and Application Deploy
- Package waffle-jna.jar, commons-logging-1.1.1.jar, jna.jar, guava-r07.jar and platform.jar in the application's lib directory or copy them to Tomcat's lib.
- In the web.xml file of the deployed application (you can find it in <AppFolder\WEB-INF\web.xml>), add the following code:
    <filter>
        <filter-name>SecurityFilter</filter-name>
        <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>SecurityFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
Custom Credential Service implementing WebRatio Credential Service Interface
Now we have to implement a Java interface named Credential Service. The implementing class allows the user to be logged in automatically to the Web application and to directly access protected modules. There is no explicit login, since the user credentials are retrieved from an access management system.
In the WebRatio standard installation there is the RTXCredentialService.java interface, which has to be implemented by the CredentialService.java class in order to realize single sign-on using an access management system like Active Directory or LDAP. The code contained in this class depends on the access management system used, and it has to retrieve the user's credential information in some way.
These are the steps to integrate the single sign-on feature in your Web Project:
- Create a Java Project which contains the class implementing the RTXCredentialService interface:
  - Select File -> New -> Java Project from the main menu. Type a name for the project and click on the Finish button.
  - Create a package inside the new Java Project, giving it a name of your choice.
  - Select File -> New -> Class from the main menu to add the CredentialService.java class to the package.
  - Write in the class the Java code to retrieve the credentials and perform the login (see the next sections for examples).
  - Right click on the Java Project and choose the Export -> JAR File command. Click on the Next button and choose the destination folder. Usually the destination folder is the WebContent/WEB-INF/lib directory of your Web Project. In this way, every time you generate the Web Project you also get the latest version of the Credential Service.
- The first time you generate the Web Project, you also have to tell the Web application to use your Credential Service to bypass the standard login. To do this, add a new property to the WebRatio runtime configuration file:
  - Open the RTXConfig.properties file in the WEB-INF/conf folder of your deploy directory.
  - Add the following property at the end of the file:
    credentialsService= mypackage.CredentialService
  - Save the file and restart your application server.
  - Copy RTXConfig.properties to the WebContent/WEB-INF/conf directory of your Web Project, to ensure that the next generation of the project copies the file with this new property into the deploy directory.
In the next sections you will see some examples of CredentialService implementation.
Implement WebRatio RTXCredentialService
    package accessActiveDirectory;

    import java.security.Principal;
    import java.util.Map;

    import javax.servlet.http.HttpServletRequest;

    import org.apache.commons.lang.StringUtils;
    import org.apache.commons.logging.Log;

    import com.webratio.rtx.Pair;
    import com.webratio.rtx.RTXConstants;
    import com.webratio.rtx.RTXCredentialsService;
    import com.webratio.rtx.RTXException;
    import com.webratio.rtx.RTXManager;
    import com.webratio.rtx.RTXPermissionException;
    import com.webratio.rtx.log.LogFactory;

    public class CredentialService implements RTXCredentialsService {

        // Shared log instance for this class.
        private static final Log log = LogFactory.getLog(CredentialService.class);

        public Pair getCredentials(Map localContext, Map sessionContext, RTXManager mgr)
                throws RTXPermissionException, RTXException {
            HttpServletRequest request =
                    (HttpServletRequest) localContext.get(RTXConstants.HTTP_SERVLET_REQUEST_KEY);

            // The principal is set by the Waffle NegotiateSecurityFilter mapped in web.xml.
            Principal pr = request.getUserPrincipal();
            if (pr == null) {
                log.debug("No user in request header!");
                return null;
            }

            // Keep only the account name: "DOMAIN\user" becomes "user" (the domain part is discarded).
            // Guard against a null or empty name, which would otherwise cause an exception here.
            String[] parts = StringUtils.split(pr.getName(), "\\");
            String userName = (parts != null && parts.length > 0) ? parts[parts.length - 1] : null;

            if (StringUtils.isNotBlank(userName)) {
                log.debug("Performing login for userName " + userName);
                // Empty password: the user has already been authenticated by the security filter.
                mgr.getAuthenticationService().performLogin(userName, "", localContext, sessionContext);
            }
            return null;
        }
    }
- Retrieves the shared log instance and stores it in the static variable log.
- Declares the getCredentials method that has to be implemented in the class.
- Retrieves the HTTP request.
- Performs the login. This method is the point at which the login into the Web application is made and where the user credentials are stored in the global context parameters "UserCTXParam" and "GroupCTXParam".
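The credential service above keeps only the part of the principal name after the backslash, so accounts with the same short name in different domains (or a local machine account) map to the same WebRatio user. The following added example, which is not part of the original wiki page or of the WebRatio or Waffle code, shows one way to check the domain before calling performLogin; the class name PrincipalNameCheck, the method trustedAccount and the domain CORP are assumptions.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

/** Added example: parse a Windows principal name and accept only expected domains. */
public class PrincipalNameCheck {

    // Hypothetical allowlist; replace with the NetBIOS names of your own domains.
    private static final Set<String> TRUSTED_DOMAINS =
            new HashSet<String>(Arrays.asList("CORP"));

    /**
     * Returns the account name for a principal in DOMAIN\\user form whose domain
     * is trusted, or null when the name is malformed or comes from another domain.
     */
    public static String trustedAccount(String principalName) {
        if (principalName == null) {
            return null;
        }
        int sep = principalName.lastIndexOf('\\');
        // Require a non-empty domain before the separator and something after it.
        if (sep <= 0 || sep == principalName.length() - 1) {
            return null;
        }
        String domain = principalName.substring(0, sep).toUpperCase(Locale.ROOT);
        String account = principalName.substring(sep + 1).trim();
        if (account.isEmpty() || !TRUSTED_DOMAINS.contains(domain)) {
            return null;
        }
        return account;
    }

    public static void main(String[] args) {
        // Constructed sample principal names, not taken from a real system.
        String[] samples = {
            "CORP\\alice",          // trusted domain
            "corp\\alice",          // same domain, different case
            "WORKSTATION7\\alice",  // local account with the same short name
            "alice",                // no domain part at all
            "CORP\\"                // empty account name
        };
        for (String s : samples) {
            String account = trustedAccount(s);
            System.out.println(s + " -> " + (account == null ? "rejected" : "login as " + account));
        }
    }
}
```

In the credential service, the value returned by trustedAccount would replace the result of the StringUtils.split call, and a null result would skip performLogin.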
Now we must create a JAR of the project containing the compiled class, put the .jar in the /WEB-INF/lib folder of the Web Project, and perform a full generation of the project. There is no longer any need to model a page where the user enters login credentials, because the user is already logged in on entering the Web application.
