by January 23, 2006 0 comments



Use the JXLoginPanel component in the Java Desktop Network Components set to create a feature-rich login mechanism for your Java application that doesn’t require you to write any code

Direct Hit!
Applies to:
Java developers
USP:
Enable your Java application to authenticate against a directory service by dropping in a few lines of code
Primary Link:

https://jdnc.dev.java.net
Google keywords:
java login authentication api ldap

Suppose you have developed a Java application that allows users to work on
sensitive and crucial data. A must have is to authenticate the users before they
start using the application. A way of doing this is to authenticate users
against your database. But with most organizations using some kind of directory
service like LDAP  (Lightweight
Directory Access Protocol), it makes more sense to authenticate against the
directory service. If you are looking for a quick drop in, involving only a few
lines of code, then to achieve this kind of authentication, JXLoginPanel comes
handy.

JXLoginPanel is part of the JDNC (Java Desktop Network
Components) project, which is one of the several open source projects hosted at
www.java.net. JDNC is a set of components such as JNTable, JNTree, JNEditor and
JXLoginPanel, which are readily usable in a Java Swing application. To download
the latest JDNC package, check out the steps given in the article ‘Intuitive
Database Display with JNTable’ later in this issue.

Set up LDAP
Let’s first setup  LDAP and
then see how to use JXLoginPanel. We’re using OpenLDAP on PCQLinux 2005.
Install this from using the openldap-servers and openldap-client packages. Once
that’s setup, open the file named slapd.conf in the directory /etc/openldap in
a text editor. Scroll down to the line that says:

suffix “dc=my-domain,dc=com”

and replace the values for ‘dc’ with the components of
your domain name.  Similarly also
change the line that says:

rootdn “cn=Manager,dc=my-domain,dc=com”

Next, scroll down to the line which says ‘# rootpw
secret’ and remove the preceding hash mark (#). You can substitute
‘secret’ with your preferred password. Save the file. Start the LDAP server
with  the following command

/etc/rc.d/init.d/ldap start

Next create a file named initial.ldif with the following
content

dn: dc=mycompany, dc=com
objectclass: dcObject
objectclass: organization
o: MyCompany
dc: mycompany
dn: cn=Manager,mycompany,dc=com
objectclass: organizationalRole
cn: Manager

 ldapadd
-x -D "cn=Manager,dc=mycompany,dc=com" -W
-f initial.ldif

When prompted, enter the password that you had specified in
the file slapd.conf (‘secret’ in our case). Henceforth, we will use a
graphical tool to add entries (user accounts) to the LDAP directory.

Add user accounts to LDAP
Download LDAP Browser/Editor from http://www-unix. mcs.anl.gov/~gawor/ldap/.
Follow the installation instructions on the site to install and run it. Click on
the ‘Quick Connect’ tab on the LDAP Browser/Editor. For Host, fill in the IP
address of the Linux machine running the LDAP server (127.0.0.1 if the LDAP
server is running on the same machine). For Base DN, type in the ‘dn=mycompany,
dn=com’. Uncheck the option ‘Anonymous Bind’ and then fill in
‘cn=Manager’ for the User DN.

Check the option ‘append base DN’ and fill in the
password that you had specified in the slapd.conf file. Click on Connect. This
will bring up an Explorer-like interface with an item named ‘dc=mycompany,
dc=com’ on the left. Now we start constructing the directory tree. Select the
item ‘dc=company, dc=com’. With the item selected, click on the Edit>Add
Entry>organizational Unit.

Modify the ‘dn’ to

ou=myemployees, dc=mycompany,dc=com

Click on Apply. Next we start setting up the user accounts,
with their names and passwords. Take ‘Shekhar’ as one of the usernames.
Select ‘ou=myemployees’ and click on  Edit>Add
Entry>person. Modify the ‘dn:’ to look like

cn=shekhar, ou=myemployees,
dc=mycompany,dc=com

  

The LDAP Browser/Editor allows you to graphically create and modify entries in your LDAP directory

Click on Set and enter the password (say ‘secret123’)
for  the user ‘shekhar’. For ‘sn:’
type in the surname. Click on Apply. Similarly accounts for other users. Next,
we will use JXLoginPanel to authenticate against this directory structure.

The JAAS config file
JXLoginPanel uses JAAS (Java Authentication and Authorization Service) to
authenticate against a directory service. Below is a sample config JAAS file for
our LDAP setup.

ldap {
        
com.sun.security.auth.module.LdapLoginModule
REQUIRED

            
userProvider="ldap://localhost/ou=myemployees,dc=
                
                 
mycompany,dc=com"
            
userFilter="(&(cn={USERNAME})(objectClass=person))"
            
useSSL=false
            
debug=false;
 
};

Substitute local host with the IP address or hostname of
the machine running LDAP. Save the above content in a file named jaas.config.
Next comes the code that launches the JXLoginPanel. Import
org.jdesktop.swing.auth.*.

JAASLoginService loginService
= new JAASLoginService("ldap");
JXLoginPanel.showLoginDialog(this, null, null, loginService, null,
null, null, JXLoginPanel.SAVE_USERNAME);

Put the above code in the constructor of your main (the
first) JFrame of your application. With the first statement we create a
loginService with the name of the service name specified in the JAAS config file
(ldap in this case). The second statement launches the login pop up. Note that
JXLoginPanel gives you the option to save the username and password that is
typed in. The syntax of JXLoginPanel.showLoginDialog( ) is:

JXLoginPanel.showLoginDialog(Frame
frame, String name, String password, LoginService service, PasswordStore store,
JComponent header, JComponent label, int saveMode)

Coming to the syntax, the first parameter will be the
reference of your main JFrame. With name and password, you can pre-fill the
username and password. For the fourth parameter, LoginService, you pass the
JAASLoginService object. For the fifth parameter, you can specify a
PasswordStore object.

The PasswordStore is an interface that can be used to
create your own class to get and set passwords. This gives you the choice of
storing the passwords in your preferred way-in a database or in an encrypted
file. With the header parameter you can pass an option header (say a JPanel with
the logo of the customer’s company). With the label parameter you can specify an
option JLabel (saying ‘Please type in your username and password’). The last
parameter can be set to  one of
three values: JXLoginPanel.SAVE_USERNAME,  JXLoginPanel.SAVE_PASSWORD
or  JXLoginPanel.SAVE_NONE.
SAVE_USERNAME will save only the username, SAVE_PASSWORD saves the password. You
can use SAVE_NONE to opt not to save either value.Note that the password can be
saved only if your pass a PasswordStore object.

Finally when you compile and run your application as

javac —classpath 
jdnc-0_7-all.jar;. <java-file>
java —cp jdnc-0_7-all.jar;. -Djava.security.auth.login.config=jaas.config
<class-file>

Note that we have passed the JAAS config file in the
command line argument ‘java.security.auth.login. config’. The first
interface you will see now is the login box, ready to authenticate the typed in
credentials against the LDAP directory.  Once
the login is successful, the application code continues to run/display the next
statement and screens. If login fails, you will see a ‘Login failed’
messagebox that we didn’t need to code for!

Shekhar Govindarajan, IT4Enterprise

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

Your data will be safe!Your e-mail address will not be published. Also other data will not be shared with third person.