JAAS with active directory authentication in a web application

This is a sample of using JAAS authentication with a Windows Active Directory server. I use the Sun Java System Application Server, so the steps may differ for other servers.

Step 1: Defining LDAP realm

In this example you must define an LDAP realm named «ads-realm» with the following parameters:

Realm class:

com.sun.enterprise.security.auth.realm.ldap.LDAPRealm

Properties:

directory            = ldap://ads.host.name:389
base-dn              = DC=ads,DC=domain,DC=com
search-bind-dn       = user
search-bind-password = password
search-filter        = (&(objectClass=user)(sAMAccountName=%s))
group-search-filter  = (&(objectClass=group)(member=%d))
jaas-context         = ldapRealm

You must change directory, base-dn, search-bind-dn and search-bind-password to match your Active Directory configuration. The «search-bind-dn» and «search-bind-password» parameters are needed because, with default settings, Active Directory doesn't allow anonymous users to browse the directory.

Step 2: Setting the following JVM switch for referrals

The following JVM switch is needed with active directory LDAP servers:

-Djava.naming.referral=follow

Add this switch to your server startup script or with the admin console.

Step 3a: Basic authentication

Add the following section to your web.xml, or go to Step 3b for form based authentication.

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>ads-realm</realm-name>
</login-config>

Step 3b: Form based authentication

Add the following section to your web.xml:

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>ads-realm</realm-name>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/login.html</form-error-page>
  </form-login-config>
</login-config>

Create the page /login.html with at least the following code:

<html>
  <body>
    <form method="POST" action="j_security_check">
      Username: <input type="text" name="j_username"><br>
      Password: <input type="password" name="j_password"><br>
      <input type="submit" value="Login">
    </form>
  </body>
</html>

Step 4: Adding security role to web.xml

Add at least one security role to your web.xml, in this example «userRole».

<security-role>
  <role-name>userRole</role-name>
</security-role>

Step 5: Adding security constraint to web.xml

Now we must create a security constraint for the path of the pages that should be accessible only to authenticated users. In this sample, access to the folder /pages/ is restricted to authenticated users in the role «userRole».

<security-constraint>
  <display-name>SecurityConstraint</display-name>
  <web-resource-collection>
    <web-resource-name>SecuredFolder</web-resource-name>
    <url-pattern>/pages/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>userRole</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

Step 6: Create role mapping between active directory group and role

Role mappings are defined in sun-web.xml for the Sun Java System Application Server, so add the following section:

<security-role-mapping>
  <role-name>userRole</role-name>
  <group-name>users</group-name>
</security-role-mapping>

This maps the Active Directory group «users» to our role «userRole», so only users in the group «users» can access our secured folder.
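As an added illustration that is not part of the original post, the following stand-alone Java class does by hand what the LDAP realm does with the Step 1 properties on every login: bind with the search account, resolve the user's DN through search-filter, bind again as that DN with the submitted password, then collect the groups matched by group-search-filter (the group names that Step 6 maps to roles). The class and method names, the RFC 4515 escaping of the %s and %d values and the empty-password check are my own additions; the realm's internal code may differ.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

// Hypothetical stand-alone illustration of the search-then-bind flow the LDAP realm
// runs for every login; the constants mirror the realm properties from Step 1.
public class AdLdapAuth {
    static final String DIRECTORY = "ldap://ads.host.name:389";
    static final String BASE_DN = "DC=ads,DC=domain,DC=com";
    static final String SEARCH_BIND_DN = "user", SEARCH_BIND_PASSWORD = "password";
    static final String SEARCH_FILTER = "(&(objectClass=user)(sAMAccountName=%s))";
    static final String GROUP_SEARCH_FILTER = "(&(objectClass=group)(member=%d))";
    // RFC 4515 escaping: j_username comes straight from the login form, so it must not be
    // able to change the filter structure (an unescaped "*" would match any account).
    static String escapeFilterValue(String v) {
        return v.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28")
                .replace(")", "\\29").replace("\0", "\\00");
    }
    static DirContext bind(String principal, String credentials) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, DIRECTORY);
        env.put(Context.REFERRAL, "follow"); // same setting as -Djava.naming.referral=follow (Step 2)
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        return new InitialDirContext(env);
    }
    // Returns the names of the user's AD groups, or null when the login is rejected.
    static List<String> authenticate(String username, String password) throws NamingException {
        // AD accepts a simple bind with an empty password as an anonymous bind, so reject it first.
        if (password == null || password.isEmpty()) return null;
        DirContext ctx = bind(SEARCH_BIND_DN, SEARCH_BIND_PASSWORD);        // 1. service-account bind
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        String userFilter = SEARCH_FILTER.replace("%s", escapeFilterValue(username));
        NamingEnumeration<SearchResult> users = ctx.search(BASE_DN, userFilter, sc); // 2. resolve the DN
        if (!users.hasMore()) { ctx.close(); return null; }
        String userDn = users.next().getNameInNamespace();
        try { bind(userDn, password).close(); }                              // 3. bind as that user
        catch (AuthenticationException e) { ctx.close(); return null; }
        String groupFilter = GROUP_SEARCH_FILTER.replace("%d", escapeFilterValue(userDn));
        List<String> groups = new ArrayList<>();                             // 4. groups listing the DN
        NamingEnumeration<SearchResult> gs = ctx.search(BASE_DN, groupFilter, sc);
        while (gs.hasMore()) groups.add((String) gs.next().getAttributes().get("cn").get());
        ctx.close();
        return groups;
    }
}
```

Calling authenticate("jdoe", "secret") against a reachable directory returns the group names, and a result containing "users" is exactly the condition under which the Step 6 mapping grants «userRole».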

Hibernate with JPA

To use Hibernate as the persistence provider for the Java Persistence API (JPA) you must include the following jar files in your classpath:

  • From Hibernate Entity Manager
    • hibernate-entitymanager.jar
    • lib/hibernate-annotations.jar
    • lib/hibernate-commons-annotations.jar
    • lib/jboss-archive-browsing.jar
  • From Hibernate Core
    • hibernate3.jar
    • lib/antlr-2.7.6.jar
    • lib/asm-attrs.jar
    • lib/asm.jar
    • lib/c3p0-0.9.1.jar
    • lib/cglib-2.1.3.jar
    • lib/commons-collections-2.1.1.jar
    • lib/commons-logging-1.0.4.jar
    • lib/concurrent-1.3.2.jar
    • lib/dom4j-1.6.1.jar
    • lib/ehcache-1.2.3.jar
    • lib/javassist.jar
    • lib/log4j-1.2.11.jar

If you use a Java SE project you must also include the javaee.jar file from the Java EE 5 SDK.

Here is a sample persistence.xml file:




  
    org.hibernate.ejb.HibernatePersistence
    jdbc/webstore