Sample Application Demonstrating User Authentication using Oracle Internet Directory Java API


Date: 29-Nov-2004


Table of Contents

Introduction
Application Overview
Software Requirements
Terminology
Configuring the Application
Deploying and Running the Application
Sample Application Files
TroubleShooting
Additional References

Introduction

Prerequisite

This sample program is intended for an audience interested in integrating a custom Java application with Oracle Identity Management. The specific usage shown here is user look-up and user authentication using the Oracle Internet Directory Java API.

To understand this sample application, the reader is expected to have knowledge in the following areas:

  • JNDI

  • Oracle Identity Management - User Management

Technical Overview

Oracle Identity Management provides a framework to securely manage the User and Group information of an enterprise. The Delegated Administrative Service (DAS) allows an end user to look up other users' information through a GUI tool. Oracle Single Sign-on (SSO) provides a centralized mechanism to authenticate users. Customer web applications can be set up as partner applications and delegate the authentication function to Oracle Single Sign-on.

However, there are instances where an application needs to look up user information in a programmatic way. Similarly, there are instances where a customer application would like to authenticate a user directly in the code.

Oracle Internet Directory Java API is built on top of Sun’s JNDI. It provides a layer of abstraction from the underlying LDAP storage of the data and a user-friendly interface to extract information about users and groups.

Application Overview

This sample is a simple Java program using the Oracle Internet Directory Java API. It starts off by establishing a connection with the Oracle Internet Directory in the form of a DirContext. Using this connection, the Java program then creates a RootOracleContext object. Using the RootOracleContext, a Subscriber object representing the default realm is created. The default realm contains the sample user population. Using the Subscriber object, the intended user information can now be fetched through a User object.

The User object is then used to authenticate the user by submitting the user's clear-text password to the directory for verification. Note that the sample connects over the non-SSL port of Oracle Internet Directory, so both the credentials used to open the connection and the password being verified cross the network unencrypted; this is acceptable for a test setup but any real deployment should connect over the SSL port.
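The flow described above, written out as an added example. This is not the SampleUser.java shipped in SampleUser.zip; it is a separate class that uses the oracle.ldap.util classes from <ORACLE_HOME>/jlib/ldapjclnt10.jar. The class name, the attribute list, the argument layout and the stdin password prompts are this example's own choices; the API calls (ConnectionUtil.getDefaultDirCtx, RootOracleContext, Subscriber.getSubscriber, Subscriber.getUser, User.getProperties, User.authenticateUser, Util.printResults) are the ones documented for the Oracle Internet Directory 10g Java API, and their exact signatures should be checked against the Javadoc of the installed release.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;

import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

import oracle.ldap.util.PropertySetCollection;
import oracle.ldap.util.RootOracleContext;
import oracle.ldap.util.Subscriber;
import oracle.ldap.util.User;
import oracle.ldap.util.Util;
import oracle.ldap.util.UtilException;
import oracle.ldap.util.jndi.ConnectionUtil;

// Added example (not the sample's own SampleUser class): look up a user in the default
// realm and verify a password through the OID Java API.
public class SampleAuth {

    // Attributes read in the look-up step; any attributes of the user entry can be listed
    // here (assumed names, adjust to your schema).
    private static final String[] LOOKUP_ATTRS = { "cn", "mail", "orclguid" };

    public static void main(String[] args) throws IOException {
        if (args.length != 4) {
            System.err.println("usage: SampleAuth <OID_Host> <OID_Port> <bind DN> <user nickname>");
            System.exit(2);
        }
        String host = args[0], port = args[1], bindDn = args[2], userId = args[3];

        // Passwords are read from stdin instead of the command line so they do not appear
        // in the process list or the shell history.
        BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
        System.out.print("Password for " + bindDn + ": ");
        String bindPwd = in.readLine();
        System.out.print("Password to verify for user " + userId + ": ");
        String userPwd = in.readLine();

        InitialDirContext ctx = null;
        try {
            // 1. Connection: an LDAP bind as the application identity over the non-SSL port.
            //    The API also offers ConnectionUtil.getSSLDirCtx with the same arguments for
            //    an encrypted connection, which is what a real deployment should use.
            ctx = ConnectionUtil.getDefaultDirCtx(host, port, bindDn, bindPwd);

            // 2. RootOracleContext, then the default realm as a Subscriber object.
            RootOracleContext roc = new RootOracleContext(ctx);
            Subscriber realm = roc.getSubscriber(ctx, Util.IDTYPE_DEFAULT, null, null);

            // 3. Look-up: resolve the nickname (IDTYPE_SIMPLE) to a User object and read
            //    a few attributes from its entry.
            User user = realm.getUser(ctx, Util.IDTYPE_SIMPLE, userId, null);
            PropertySetCollection psc = user.getProperties(ctx, LOOKUP_ATTRS);
            Util.printResults(psc);

            // 4. Authentication: the clear-text password is handed to the directory, which
            //    verifies it and the API throws UtilException on rejection. Nothing about the
            //    stored password is read back into the application.
            user.authenticateUser(ctx, User.CREDTYPE_PASSWD, userPwd);
            System.out.println("Authentication succeeded for " + userId);
        } catch (UtilException e) {
            // Wrong password, unknown nickname or missing realm all surface here.
            System.out.println("Look-up or authentication failed: " + e.getMessage());
            System.exit(1);
        } catch (NamingException e) {
            // The bind as the application identity failed (e.g. LDAP error code 49) or the
            // directory is unreachable.
            System.out.println("Could not connect as " + bindDn + ": " + e.getMessage());
            System.exit(1);
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }
}
```

Compile and run it the same way as SampleUser, with ldapjclnt10.jar on the classpath; the bind DN can be the application entity created by the sample LDIF, provided the full DN and password set in that LDIF are used.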

Software Requirements

The following software is required for configuring and running this sample application.

Terminology

Term                   Definition

<ORACLE_HOME>          Directory where Oracle 10g Application Server is installed. For example, D:\oracle or /private/oracle
<SAMPLE_HOME>          The directory where the sample application is extracted
<JAVA_HOME>            The directory where Java is installed
<OID_Host>             The hostname where Oracle Internet Directory is running
<OID_Port>             The non-SSL port number of Oracle Internet Directory
<Superuser_Password>   The password of the superuser “cn=orcladmin”

Configuring the Application

  • Unzip the provided SampleUser.zip. This creates SampleUser directory with all the source files. We will refer to this directory as <SAMPLE_HOME>.
  • To create the sample LDAP entries, execute the following command against the provided <SAMPLE_HOME>/data/sample.ldif. This creates an appropriate LDIF file with default containers substituted.
    <ORACLE_HOME>/bin/ldifmigrator input_file=<SAMPLE_HOME>/data/sample.ldif output_file=<SAMPLE_HOME>/data/sample_out.ldif -lookup dn="cn=orcladmin" password=<Superuser_Password> port=<OID_Port> host=<OID_Host>
  • Once the sample_out.ldif is created, you can upload the entries using the following command
    <ORACLE_HOME>/bin/ldapmodify -h <OID_Host> -p <OID_Port> -D "cn=orcladmin" -w <Superuser_Password> -v -f <SAMPLE_HOME>/data/sample_out.ldif
    The data created by sample_out.ldif consists of the following:
    • A set of sample users under the user container of the default realm of the directory. For example, if the realm DN is "dc=acme,dc=com", then the users are created under "dc=sample_users,cn=users,dc=acme,dc=com"
    • A set of sample groups under the group container of the default realm of the directory. For example, if the realm DN is "dc=acme,dc=com", then the groups are created under "dc=sample_groups,cn=groups,dc=acme,dc=com". The members of these groups consist of the sample users created above.
    • An application entity with the DN "orclApplicationCommonName=myTestApp1". This application entity is given the DASAdmin privilege, which gives it sufficient user/group management privileges for this sample application. It is also given UserProxyPrivilege, which allows the application entity to proxy as any end user under the realm user container. Both privileges are broad; they are convenient for this sample, but a production application should be granted only the privileges it actually needs.

Deploying and Running the Application

  • In the <SAMPLE_HOME>/src directory, compile the SampleUser class using the following command
    <JAVA_HOME>/bin/javac -d . -classpath <ORACLE_HOME>/jlib/ldapjclnt10.jar SampleUser.java
  • To run the SampleUser class, run following Java command from the <SAMPLE_HOME>/src directory
    • On Windows

      <JAVA_HOME>/bin/java -classpath .;<ORACLE_HOME>/jlib/ldapjclnt10.jar oracle.otnsamples.oim.SampleUser <OID_Host> <OID_Port>

    • On Linux or Solaris

      <JAVA_HOME>/bin/java -classpath .:<ORACLE_HOME>/jlib/ldapjclnt10.jar oracle.otnsamples.oim.SampleUser <OID_Host> <OID_Port>

Sample Application Files 

This section provides a tabular listing of the sample application files, along with their respective directory locations and a description of what they do in the overall scheme of the application.

Directory / File       Description

readme.html            This file
src/*.java             Java source files used in this sample application
data/*.ldif            LDIF files containing the sample LDAP data

TroubleShooting

  • If the following exception is seen when running the sample, check that the data has been loaded correctly, for example that the upload of sample_out.ldif completed without errors. LDAP error code 49 means the directory rejected the credentials presented in the bind, so a wrong or changed password produces the same message as missing data.
    Exception in thread "main" javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]

Additional References 

