My Java RCP application prompts the user for username and password upon start-up. How could I use these credentials to do authentication against the native OS without using JNI to port some C libraries? Thanks!

PS. If possible, pure Java implementation without using third-party libraries will be very much preferable.

+8  A: 

AFAIK, this just isn't possible without involving native extensions to Java in some manner - there is no Java API for this.

You could take a look at the JNA project. It uses native code, but you don't have to write any - it's done for you.


EDIT: If all you want to do is validate the username/password, then I believe that the JNDI/LDAP direction may work for you - I've done this before on the AS/400 from Java, though I was not totally happy with the end result.

If you want to cause the O/S to recognize your JVM process as being credentialed as a particular user, you are going to need some form of access to non-portable native APIs.

BTW, what O/S(s) are we talking about?


EDIT2: I am going to post fragments from how I used LDAP to verify a username/password, on the off chance that that is what you are after; these are lifted straight from my code, not intended to be directly compilable.

This is some of the first Java code I ever wrote, please be merciful:

import java.security.*;
import java.util.*;

import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

...

private Hashtable                       masterEnv;          // master environment settings
private String                          authMethod;         // default authentication method

...

public void init() {
    // NOTE: Important to use a non-pooled context and a clone of the environment so that this authenticated
    //       connection is not returned to the pool and used for other operations
    masterEnv=new Hashtable();
    masterEnv.put(Context.INITIAL_CONTEXT_FACTORY,ldapFactory);
    masterEnv.put(Context.PROVIDER_URL,providerUrl);
    masterEnv.put(Context.SECURITY_PROTOCOL,secProtocol);
    masterEnv.put(Context.REFERRAL,"follow");
    masterEnv.put("com.sun.jndi.ldap.connect.pool","false");

    authMethod=System.getProperty("authenticationMethod","simple");
    }

...

private void verifyUserPassword(String ui, String pw, String am) throws NameNotFoundException, AuthenticationException, AuthenticationNotSupportedException, NamingException {
    // ui=user ID
    // pw=password
    // am=authentication method

    DirContext      lc=null;                                // ldap context object
    Hashtable       le;                                     // ldap environment object

    // a simple bind with an empty password is treated as an anonymous bind and can succeed for any user ID
    if(pw==null || pw.length()==0) { throw new AuthenticationException("empty password"); }

    if(am.length()==0) { am=authMethod; }

    le=(Hashtable)masterEnv.clone();
    le.put(Context.SECURITY_AUTHENTICATION,am);
    le.put(Context.SECURITY_PRINCIPAL     ,ui);
    le.put(Context.SECURITY_CREDENTIALS   ,pw);
    lc=new InitialDirContext(le);                           // throws AuthenticationException if the bind is rejected
    lc.close();
    }
Software Monkey
Hi, thanks for the reply, and sorry for the late reply. The application is meant to be portable, so the native OSes targeted are both Linux and Windows, but concretely it would be Vista and RH Linux. Thanks for the sample code, I will have a look at it.
+3  A: 

You could validate using JNDI and LDAP (assuming you are using LDAP/Active Directory for verification). Check out this thread for more details on how to do this.

Rob Di Marco
@OP: If you are successful using JNDI, please post the solution (at least an overview) here - I am quite interested in this direction.
Software Monkey
@OP: I have posted my LDAP code from back in '03.
Software Monkey
@Software Monkey, the code works great. Thanks! Do you know of any way to do this if LDAP/ActiveDirectory is not involved at all (i.e. a vanilla OS that does not have connections to the network)? Is that even possible at all? Hmmmm, does not sound like it is doable...
A: 

Can someone post the LDAP authentication code in detail?

A: 

This example, http://spnego.sourceforge.net/pre_flight.html, talks about a HelloKDC.java program where the only thing it does is authenticate a username and password.

Pat Gonzalez