First8 staat voor vakmanschap. Al onze collega’s zijn een groot aanhanger van Open Source en in het bijzonder het Java-platform. Wij zijn gespecialiseerd in het pragmatisch ontwikkelen van bedrijfskritische Java toepassingen waarbij integratie van systemen, hoge eisen aan beveiliging en veel transacties een belangrijke rol spelen. Op deze pagina vind je onze blogs.

JBoss LDAP Authentication

Every environment needs it, you can hardly get around it: User Management. It is always a challenge and a drag at the same time. How much should be stored? How should passwords be stored? Do we need RBAC? Do we need some SSO and with whom? Do we need a (G)UI for management?

Wouldn’t it be great if we could pass this responsibility on. And we can! In Enterprise-land there is LDAP.

JBoss logo

Example project

In JBoss there is default support for LDAP. In this post we will present an example project that will allow you to use LDAP with a war-application. The example project provides all steps to try this out locally, including the setup of a test LDAP-server and test data.

The four main parts in getting a war-application that has LDAP-authentication are:

ldap
LDAP
  1. a security-domain within standalone.xml
  2. a link of this security-domain to your war in the jboss-web.xml
  3. a set of security-constraint in your web.xml
  4. a set of roles in your web.xml

The security-domain within standalone.xml has all the connection details of how to connect to the LDAP-server. It also has the mappings of where to find the users in your LDAP and how to find which groups these users belong to. The jboss-web.xml has the details to connect this security-domain to your war. Then the web.xml has the fine-grained details to protect parts of your application. Each of these steps is described in detail in the example project which reads as a tutorial.

Form login

The example project has different branches. The master only does BASIC-authentication. The form_auth branch will detail how a nice login-page can be added to this setup, allowing the user to logout without restarting the browser.

Audit logging

Want to know who used your application and when? JBoss has standard audit logging. This can be enabled by adding a logger for the org.jboss.security.audit-class.

Next

This article showed how LDAP-authentication can be used to delegate the User Management to an external source. The next article will detail a solution that will  allow for User Management that includes a web-ui and even has social logins via Google, Facebook & Twitter. All with JBoss-stack components.

Links