How to Integrate NDS eDirectory with Your Web Application Using How-To Article

Transcription

How to Integrate NDS eDirectory
with Your Web Application Using
the eCommerce Beans for LDAP
How-To Article
NOVELL APPNOTES
J. Jeffrey Hanson
Senior Architect
Financial Fusion
[email protected]
This article discusses the use of LDAP Beans for eCommerce in leveraging NDS
eDirectory within Web Applications.
Contents:
•
The Need for LDAP
•
Separating Business Logic and Presentation Using MVC
•
Supported Platforms and Installation Requirements
•
LDAP Connections
•
Modifying LDAP Entries
•
Deleting LDAP Entries
•
Summary
•
References
Topics
Java Beans, LDAP, NDS eDirectory
Products
NetWare, NDS eDirectory
Audience
network designers, administrators, integrators
Level
intermediate
Prerequisite Skills
familiarity with LDAP and NDS eDirectory
Operating System
NetWare
Tools
eCommerce Beans for LDAP
Sample Code
yes
J u l y
2 0 0 1
61
The Need for LDAP
Directory services are designed to assist in locating organizations, people, and
other entities such as servers, printers, databases, groups, applications, and so on.
They link organizations and other entities together using a hierarchical tree
structure, and they maintain logical order in a network that may interconnect
many sites and may support thousands of users with multiple network objects and
interconnections.
Many different directory services implementations exist with several different
proprietary APIs used to access the directories they represent. Recently, the
introduction of Lightweight Directory Access Protocol (LDAP) has evolved as a
platform and directory independent mechanism for creating, managing, and
accessing directory services servers. Developed at the University of Michigan at
Ann Arbor, LDAP is a protocol for accessing and managing directory services.
LDAP’s basic structure is based on a simple information tree called a “directory
information tree” (DIT). Each leaf in the tree is an entry; the first, or top-level
entry, is the root entry. An entry includes a distinguished name (DN) and any
number of attribute/value pairs. The DN, which is the name of an entry, must be
unique. It represents the relationship between the entry and the rest of the DIT,
similar to the way in which a file’s full path name represents its relationship in a
file system.
The LDAP protocol defines six standard operations that can be performed:
•
Binding/authenticating to the directory
•
Searching for entries in the directory
•
Reading attributes of entries in the directory
•
Adding entries to the directory
•
Modifying existing entries in the directory
•
Removing an entry from the directory
Other services defined by LDAP are referral (allowing directory servers to link to
each other), replication, and encryption using SASL, SSL, user certificates, and
Access Control Lists.
Separating Business Logic and Presentation Using MVC
Novell’s LDAP Beans for eCommerce will be used to perform several kinds of
directory services management duties, as shown in the Web application examples
below. Web applications typically consist of an HTTP request passed from a Web
browser to a Web server, or from a Web application server where some form of
business logic or data access is performed. The response is formed as HTML and
passed back to the Web browser. This interaction between the client and server
62
www.novell.com/appnotes
can be abstracted using the model-view-controller (MVC) pattern. The request
will be initially handled by a servlet residing within the Web application
environment. This servlet acts as the controller of the Web application. The
controller-servlet reacts to the request by retrieving data for the client and by
executing business logic for the client. The controller-servlet then passes a
response, in the form of HTML, back to the client.
Using one servlet to handle data access, perform business logic, form HTML
responses, and so on, leads to an implementation that is not easily customized for
different domains and/or client devices. To solve this problem, let the
controller-servlet handle the incoming requests, but supply the controller-servlet
with Java Beans that perform data access and business logic. As long as you
carefully craft the interfaces that the Java Beans expose, the beans can be easily
replaced with other beans that access different data sources or perform different
business logic. This can all take place without re-installing the application or
bringing down the server. The eCommerce beans used for data access and
business logic are built using the “Command” pattern and will make up the model
for this application.
The design can be taken even further towards shielding from customization
problems and, at the same time, provide a clean mechanism for supporting
multiple client devices. Do this by using Java Server Pages as the means to
produce the user interface that is passed back to the client. Java Server Pages
(JSP) are simply HTML pages with a few special tags introduced, which allow
Java code to be embedded within the HTML. A JSP is compiled on the server, on
its first invocation, into a Java servlet. The resulting servlet handles the duties of
forming the response that is passed back to the client. An HTML author can
customize the JSP at any point after its creation, and the server will then
re-compile the JSP on its next invocation. Then the customization will be exposed
to the client. This eliminates the need to re-compile any other part of the
application and can be done while the server and application are running. Java
Server Pages make up the view portion of the application.
Supported Platforms and Installation Requirements
Novell’s eCommerce LDAP Beans are supported on the following platforms:
•
Java 2 Platform, Standard Edition, v1.2 or greater
•
NDS eDirectory version 8.0 or greater
•
iPlanet Directory Server version 4.1 or greater
J u l y
2 0 0 1
63
The following libraries and packages are prerequisites in order to use Novell’s
eCommerce LDAP Beans:
1.
2.
3.
JNDI 1.2.1 Class Libraries and the LDAP 1.2.2 Service Provider. This
software is included in the Java 2 SDK, v1.3. However, if you are using the
Java 2 SDK, v1.2, you will need to follow these steps to install the software
as an installed extension:
•
Download and uncompress the JNDI 1.2.1 Class Libraries and the LDAP
1.2.2 Service Provider from the JNDI Web site
(http://java.sun.com/products/jnd).
•
Copy the libraries (jndi.jar, ldap.jar, providerutil.jar) from both packages
to JAVA\lib\ext directory, where JAVA is the Java Runtime home (e.g.
sys:\java or c:\jdk1.2.2\jre).
An implementation of JSSE 1.0.2 is also required when using TLS/SSL with
the eCommerce LDAP Beans. Sun’s JSSE 1.0.2 package meets this
requirement. Follow these steps to install Sun’s implementation of JSSE:
•
Download and uncompress the JSSE 1.0.2 software from the JSSE Web
site (http://java.sun.com/products/jsse).
•
Copy the library (jsse.jar) from the package to JAVA\lib\ext directory,
where JAVA is the Java Runtime home (e.g. sys:\java or c:\jdk1.2.2\jre).
If you are not going to use a TLS/SSL connection, you must enable clear text
passwords by doing the following:
•
Run ConsoleOne and select your default container under the NDS tree.
•
Right-click on the LDAP Group object and select Properties.
•
On the General tab, mark “Allow Clear Text Passwords.”
LDAP Connections
Interacting with an LDAP server requires a number of items, including a
connection to the server. Connecting to a server requires initializing a session with
the LDAP server over the server’s LDAP port (typically 389). If the session
initialization is successful, a connection handle is returned, which contains
information about the connection to the LDAP server. When you use the standard
LDAP API functions to interact with the LDAP server, you need to pass the
connection handle as a parameter to most of the functions. When using Novell’s
eCommerce Beans for LDAP, the connection handle is hidden and the interaction
with an LDAP server is simplified. This is demonstrate in the following examples.
64
Authenticating Methods for LDAP
Authentication Method 1 - Standard:
<%@ page import="com.novell.ecb.Connection" %>
<%@ page errorPage="..error.jsp" %>
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>

<jsp:useBean id="bean"
class="com.novell.ecb.ldap.AuthenticateLdap" scope="request" />
<%
// Set the input properties of the command bean
bean.setURL(request.getParameter("URL"));
bean.setDN(request.getParameter("DN"));
bean.setPassword(request.getParameter("password"));
// Call the execute method of the command bean
bean.execute();
// Query the output properties of the command bean
// Save connection object in session
session.putValue("Connection",
bean.getLdapConnection());
%>
<TABLE border="0" cellpadding="0" cellspacing="3"
bgcolor="white">
<TBODY>
<TR>
<TD colspan="2" bgcolor="#CCCC99" width="400">
<DIV class="tablehead1">AuthenticateLdap Standard</DIV>
</TD>
</TR>
<TR>
<TD>
<DIV class="indent1"><B><FONT color="green"
size="+1">Success!</FONT></B></DIV>
</TD>
<TD></TD>
</TR>
</TBODY>
</TABLE>
</BODY>
</HTML>
Authentication Method 2 - SSL Connection:
<HTML>
<HEAD>
J u l y
2 0 0 1
65
<TITLE></TITLE>
</HEAD>
<BODY>
<%
bean.setProtocol("ssl");
bean.execute();
session.putValue("Connection", bean.getLdapConnection());
%>
<TABLE border="0" cellpadding="0" cellspacing="3" bgcolor="white">
<TBODY>
<TR>
<DIV class="tablehead1">AuthenticateLdap - SSL Connection</DIV>
</TD>
</TR>
<TR>
<TD>
</TD>
<TD></TD>
</TR>
</TBODY>
</TABLE>
</BODY>
</HTML>
Authentication Method 3 - Context-less login: Context-less login involves logging
in using an e-mail address or any other entry attribute. There are two phases
during the operation of context-less login. During the first phase, set the URL,
CN, or Filter and Password. When execute() is called, the bean searches for
matches to the CN or Filter. If only one match is found, the bean tries to
authenticate using the Password. An exception is thrown if no matches are
returned from the search. If more than one match is returned from the search, the
isAuthenticated() method returns false. During the second phase, get the DNs
from the bean. Choose one DN from the list and set the DN. When execute() is
called the second time, the bean uses the distinguished name of the authentication
object.
66
<%@ page import="com.novell.ecb.ldap.LdapConnection" %>
<%@ page import="com.novell.ecb.ldap.ContextlessLoginLdap" %>
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
class="com.novell.ecb.ldap.ContextlessLoginLdap" scope="request"
/>
<%
// Check request for dn parameter
String dn = request.getParameter("DN");
// Initial requst
if (dn == null)
{
bean.setLdapSearchConnection((LdapConnection)session.getValue("Con
nection"));
bean.setCN(request.getParameter("cn"));
bean.execute();
}
// Followup request
else
{
// Get command bean from session
bean =
(ContextlessLoginLdap)session.getValue("ContextlessLogin");
session.removeValue("ContextlessLogin");
bean.setDN(dn);
bean.execute();
}
// Check authentication
if (bean.isAuthenticated())
{
%>
<TBODY>
<TR>
J u l y
2 0 0 1
67
<DIV class="tablehead1">ContextlessLoginLdap</DIV>
</TD>
</TR>
<TR>
<TD>
</TD>
<TD></TD>
</TR>
</TBODY>
</TABLE>
<%
}
else
{
// Save command bean in session
session.putValue("ContextlessLogin", bean);
%>
<FORM name="AuthenticateLdap3" action="AuthenticateLdap3.jsp"
method="post">
<TBODY>
<TR>
<TD bgcolor="#6B8899" colspan="2" width="400">
<DIV class="tablehead2">ContextlessLoginLdap</DIV>
</TD>
</TR>
<TR bgcolor="white">
<TD colspan="2">
<DIV class="formdescriptext"></DIV>
</TD>
</TR>
<TD nowrap></TD>
<TD nowrap></TD>
</TR>
<TD colspan="2">
<DIV class="head3indent">DN</DIV>
</TD>
</TR>
<%
// Loop through possible DNs
String[] dns = bean.getDNs();
for(int i=0; i<dns.length; i++)
{
%>
<TD nowrap colspan="2"><DIV class="indent1"><INPUT type="radio"
name="DN" value="<%=dns[i]%>"<%=(i==0)?"
checked":""%>> <%=dns[i]%></DIV></TD>
</TR>
<%
}
%>
68
<TD nowrap></TD>
<TD nowrap></TD>
</TR>
<TD nowrap></TD>
<TD nowrap></TD>
</TR>
<TD></TD>
<TD><INPUT type="submit" name="Submit" value="Submit"> <INPUT
type="reset"></TD>
</TR>
<TD colspan="2">
<HR noshade size="2">
</TD>
</TR>
</TBODY>
</TABLE>
</FORM>
<%
}
%>
</BODY>
</HTML>
Authentication Method 4 - Public:
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<%
bean.execute();
%>
<TBODY>
<TR>
<DIV class="tablehead1">AuthenticateLdap - Public</DIV>
</TD>
</TR>
<TR>
J u l y
2 0 0 1
69
<TD>
</TD>
<TD></TD>
</TR>
</TBODY>
</TABLE>
</BODY>
</HTML>
Maintaining State for an LDAP Connection
Since the HTTP protocol is stateless, which means state is not maintained across
multiple requests from the same user, there needs to be a way to preserve the state
of the user’s session. This is done by exploiting the state-saving mechanism
presented by the HttpSession object exposed as an implicit object in all JSP pages.
The session object can be used to store objects containing any arbitrary data that
should be kept track of during the session with each client. The following example
demonstrates how to use the implicit session object to store the LDAP connection
object returned from the AuthenticateLdap bean:
<%
bean.execute();
%>
Browsing LDAP Entries
The following code demonstrates how to browse LDAP entries.
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TBODY>
<TR>
<TD bgcolor="#CCCC99" width="400">
70
<DIV class="tablehead1">ListLdapEntries</DIV>
</TD>
</TR>
<jsp:useBean id="bean" class="com.novell.ecb.ldap.ListLdapEntries"
scope="request" />
<%
bean.setConnection((Connection)session.getValue("Connection"));
bean.setName(request.getParameter("name"));
bean.execute();
String[] names = bean.getNames();
for (int i=0; i < names.length; i++)
{
String color = (i % 2 == 0) ? "#FFFFFF" : "#EFEEE9";
%>
<TR bgcolor="<%=color%>">
<TD>
<DIV class="indent1"><%=names[i]%></DIV>
</TD>
</TR>
<%
}
%>
</TBODY>
</TABLE>
</BODY>
</HTML>
Searching for LDAP entries
The following is an example of Search Method 1:
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TBODY>
<TR>
<DIV class="tablehead1">SearchLdapEntries - Match Attributes</DIV>
</TD>
</TR>
class="com.novell.ecb.ldap.SearchLdapEntries" scope="request" />
J u l y
2 0 0 1
71
<%
// Allow a null attribute value
String attrValue = request.getParameter("attrValue");
if (attrValue != null && attrValue.length() == 0)
{
attrValue = null;
}
bean.addMatchingAttribute(request.getParameter("attrName"),
attrValue);
bean.execute();
for (int i=0; i < names.length; i++)
{
String color = (i % 2 == 0)? "#FFFFFF" : "#EFEEE9";
%>
<TD>
</TD>
</TR>
<%
}
%>
</TBODY>
</TABLE>
</BODY>
</HTML>
Search Method 2:
The following is an example of Search Method 2.
<%@ page import="com.novell.ecb.ldap.SearchLdapEntries" %>
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<TBODY>
<TR>
<DIV class="tablehead1">SearchLdapEntries - Filter</DIV>
</TD>
</TR>
72
class="com.novell.ecb.ldap.SearchLdapEntries" scope="request" />
<%
bean.setFilter(request.getParameter("filter"));
String scopeString = request.getParameter("scope");
if (scopeString .equalsIgnoreCase("object"))
{
bean.setSearchScope(SearchLdapEntries.OBJECT_SCOPE);
}
else if (scopeString .equalsIgnoreCase("onelevel"))
{
bean.setSearchScope(SearchLdapEntries.ONELEVEL_SCOPE);
}
else if (scopeString .equalsIgnoreCase("subtree"))
{
bean.setSearchScope(SearchLdapEntries.SUBTREE_SCOPE);
}
bean.execute();
for (int i = 0; i < names.length; i++)
{
String color = (i % 2 == 0)? "#FFFFFF" : "#EFEEE9";
%>
<TD>
</TD>
</TR>
<%
}
%>
</TBODY>
</TABLE>
</BODY>
</HTML>
Creating LDAP Entries
The code that follows shows how to create LDAP entries.
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
J u l y
2 0 0 1
73
<BODY>
<jsp:useBean id="bean" class="com.novell.ecb.ldap.CreateLdapEntry"
scope="request" />
<%
bean.addAttribute("objectClass",
request.getParameter("objectClass"));
bean.execute();
%>
<TBODY>
<TR>
<DIV class="tablehead1">CreateLdapEntry</DIV>
</TD>
</TR>
<TR>
<TD>
</TD>
<TD></TD>
</TR>
</TBODY>
</TABLE>
</BODY>
</HTML>
Reading LDAP Entries
The following is an example of reading LDAP entries.
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<jsp:useBean id="bean" class="com.novell.ecb.ldap.ReadLdapEntry"
scope="request" />
<%
try {
// Instantiate the command bean
ReadLdapEntry bean = new ReadLdapEntry();
bean.setLdapConnection(connection);
74
bean.setName("cn=wcoyote, o=acme");
bean.execute();
String cn = bean.getStringValue("cn");
String sn = bean.getStringValue("sn");
} catch (CommandException e) {
// Handle exception
out.println(e.toString());
}
%>
<TBODY>
<TR>
<DIV class="tablehead1">ReadLdapEntry</DIV>
</TD>
</TR>
<TR>
<TD>
</TD>
<TD></TD>
</TR>
</TBODY>
</TABLE>
</BODY>
</HTML>
Modifying LDAP Entries
The following code is used to modify attributes.
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<jsp:useBean id="bean" class="com.novell.ecb.ldap.ModifyLdapEntry"
scope="request" />
<%
String opString = request.getParameter("op");
if (opString.equalsIgnoreCase("add")) // Add an attribute
J u l y
2 0 0 1
75
{
bean.addAttribute(request.getParameter("attrName"),
request.getParameter("attrValue"));
}
else if (opString.equalsIgnoreCase("remove")) // Remove an
attribute
{
bean.removeAttribute(request.getParameter("attrName"));
}
else if (opString.equalsIgnoreCase("replace")) // Replace an
attribute
{
bean.replaceAttribute(request.getParameter("attrName"),
request.getParameter("attrValue"));
}
bean.execute();
%>
<TBODY>
<TR>
<DIV class="tablehead1">ModifyLdapEntry</DIV>
</TD>
</TR>
<TR>
<TD>
</TD>
<TD></TD>
</TR>
</TBODY>
</TABLE>
</BODY>
</HTML>
Changing Password:
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<jsp:useBean
id="bean"
class="com.novell.ecb.ldap.ChangePasswordLdapEntry"
scope="request" />
<%
try {
bean.setLdapConnection((Connection)session.getValue("Connection"))
;
76
bean.setOldPassword("password");
bean.setNewPassword("newPassword");
bean.execute();
// Handle exception
}
%>
<TBODY>
<TR>
<DIV class="tablehead1">ChangePasswordLdapEntry</DIV>
</TD>
</TR>
<TR>
<TD>
</TD>
<TD></TD>
</TR>
</TBODY>
</TABLE>
</BODY>
</HTML>
Setting Password:
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<jsp:useBean
id="bean"
class="com.novell.ecb.ldap.SetPasswordLdapEntry"
scope="request" />
<%
try {
// Instantiate the command bean
SetPasswordLdapEntry bean = new SetPasswordLdapEntry();
bean.setLdapConnection((Connection)session.getValue("Connection"))
;
bean.setPassword("password");
bean.execute();
J u l y
2 0 0 1
77
// Handle exception
}
%>
<TBODY>
<TR>
<DIV class="tablehead1">SetPasswordLdapEntry</DIV>
</TD>
</TR>
<TR>
<TD>
</TD>
<TD></TD>
</TR>
</TBODY>
</TABLE>
</BODY>
</HTML>
Deleting LDAP Entries
The following code is an example code for deleting LDAP entries.
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<jsp:useBean id="bean" class="com.novell.ecb.ldap.DeleteLdapEntry"
scope="request" />
<%
bean.execute();
%>
<TBODY>
<TR>
<DIV class="tablehead1">DeleteLdapEntry</DIV>
</TD>
</TR>
78
<TR>
<TD>
</TD>
<TD></TD>
</TR>
</TBODY>
</TABLE>
</BODY>
</HTML>
Summary
Novell’s eCommerce Beans for LDAP provide Java components for integrating
Web applications with Net services and LDAP directories. These components are
100 percent Java and use open protocols. Their architecture uses the
Model-View-Controller (MVC) and Command design patterns. These
components enable authentication and read/write directory access along with
features such as contextless login and SSL security. Using Novell’s eCommerce
Beans for LDAP as the foundation for directory service access allows Web
application developers to build on a platform that is secure, transportable,
re-usable, and scalable.
References
http://developer.netscape.com/docs/manuals/dirsdk/dirsdk.htm
http://developer.novell.com/ndk/doc/ecb/ldap/index.html
http://www.ietf.org/html.charters/ldapbis-charter.html
http://www.ietf.cnri.reston.va.us/html.charters/ldup-charter.html
http://www.ietf.cnri.reston.va.us/html.charters/ldapext-charter.html
Copyright © 2001 by Novell, Inc. All rights reserved.
No part of this document may be reproduced or transmitted
in any form or by any means, electronic or mechanical,
including photocopying and recording, for any purpose
without the express written permission of Novell.
All product names mentioned are trademarks of
their respective companies or distributors.
J u l y
2 0 0 1
79

How to Integrate NDS eDirectory with Your Web Application Using How-To Article

Transcription

Similar documents

Canyon Ada Twin Falls Gooding

LED Bean Ball

JOHN BEAN V 501

Western School District 5-1-15

home style - Clare Gogerty

Holiday Shopping is a One-stop Celebration at L.L.Bean

LSN : Seed : Hang it all: Show time in the shop window

Millennium Park, Chicago

L`Orignal L`Orignal Carnival

ICHIGO DAIFUKU - The BIG Group