tags:

views:

450

answers:

2
+1  Q: 

JAAS with LDAP password policy

Hello all,

A user is accessing a restricted web application with JAAS (on Glassfish 2.1). LDAPRealm is used, and authentication is successfully performed from LDAP. A password policy should be installed for the users, so that they are forced to change passwords, have passwords of certain complexity/length, password failures and last N passwords should be checked. Password policy of LDAP server used (OpenDS) supports all this, but it is not obvious at all how to receive this kind of information in JAAS FORM login we are using, so that the information (i.e. "Please change you password") can be displayed to the user.

Do you have any ideas how to go about implementing this? Using database only is not an option, users need to be in LDAP. What is not obvious is whether to use LDAP password policies at all, or have it all programmed in our web application. I would like to avoid this and use LDAP's native password policies.

Thank you for answers and best regards, Bozo

+2  A: 

Unfortunately, what you can do using JAAS is kind of constrained to a small set of operations that any login system can support. While LDAP supports a password policy, other login systems (eg keystores) may not, so JAAS cannot have code that requires this.

Hence, you'll have to talk to the LDAP server directly using either JNDI or possibly this library from Novell.

Zarkonnen  2009-10-17 10:47:57
Hello Zarkonnen - should I be able to write a custom JAAS login module, one that will catch the exception sent from LDAP and do the proper logic towards the user?
bozo  2009-10-17 10:53:04
i.e., using something like this: http://stuffthathappens.com/blog/2008/05/16/writing-a-custom-jaas-loginmodule/ .
bozo  2009-10-17 11:01:01
A: 

Got it. Have to use a SAM, since you cannot receive LoginException (with reason of login failure) in the existing auth mechanisms in Glassfish. Answer is here: http://stackoverflow.com/questions/992915/how-to-override-jsecuritycheck-in-glassfish

bozo  2009-10-17 13:19:24

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java