Application Development Using Spring LDAP Balaji Varanasi

LDAP Development Using Spring LDAP


Page 1: LDAP Development Using Spring LDAP

License CC-BY-SA

Application Development Using Spring LDAP

Balaji Varanasi

Page 2: LDAP Development Using Spring LDAP

About Me

Development Manager Author LDAPUnit Creator


Page 3: LDAP Development Using Spring LDAP

Agenda

Page 4: LDAP Development Using Spring LDAP

JNDI

Page 5: LDAP Development Using Spring LDAP

Java LDAP Application Development

Page 6: LDAP Development Using Spring LDAP

Java LDAP Development

• JNDI Way Of Development

• Connect to LDAP Server

• Perform LDAP Operations

• Close resources

Page 7: LDAP Development Using Spring LDAP

JNDI – Connecting to LDAP

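    import java.util.Properties;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;

    // Demo settings: ldap:// is cleartext, so this simple bind sends the
    // password unencrypted; use ldaps:// or StartTLS away from localhost.
    Properties environment = new Properties();
    environment.setProperty(DirContext.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    environment.setProperty(DirContext.PROVIDER_URL, "ldap://localhost:11389");
    environment.setProperty(DirContext.SECURITY_PRINCIPAL, "cn=Directory Manager");
    environment.setProperty(DirContext.SECURITY_CREDENTIALS, "opendj");

    DirContext context = new InitialDirContext(environment);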

Page 8: LDAP Development Using Spring LDAP

JNDI – Performing LDAP Operation

    SearchControls searchControls = new SearchControls();
    searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    searchControls.setReturningAttributes(new String[]{"givenName", "sn", "telephoneNumber"});

    // searchResults is a NamingEnumeration<SearchResult> declared before this point
    searchResults = context.search(BASE_PATH, "(objectClass=inetOrgPerson)", searchControls);

    // Assumes every entry carries all three attributes; attributes.get()
    // returns null for an attribute the entry does not have.
    while (searchResults.hasMore()) {
        SearchResult result = searchResults.next();
        Attributes attributes = result.getAttributes();
        // Read single valued attributes
        String firstName = (String) attributes.get("givenName").get();
        String lastName = (String) attributes.get("sn").get();

        // Read the multi-valued attribute
        Attribute phoneAttribute = attributes.get("telephoneNumber");
        String[] phone = new String[phoneAttribute.size()];
        NamingEnumeration<?> phoneValues = phoneAttribute.getAll();

        for (int i = 0; phoneValues.hasMore(); i++) {
            phone[i] = (String) phoneValues.next();
        }
    }

Page 9: LDAP Development Using Spring LDAP

JNDI – Close Resources

    if (searchResults != null) {
        searchResults.close();
    }

    if (context != null) {
        context.close();
    }

Page 10: LDAP Development Using Spring LDAP

JNDI LDAP Operations Demo

Page 11: LDAP Development Using Spring LDAP

What’s wrong with JNDI?

• JNDI Drawbacks

• Plumbing Code

• Explicit Resource Management

• Checked Exceptions

Page 12: LDAP Development Using Spring LDAP

Spring LDAP

Page 13: LDAP Development Using Spring LDAP

Spring LDAP

“Makes it easier to build Spring-based applications that use the Lightweight Directory Access Protocol”


Page 15: LDAP Development Using Spring LDAP

Spring LDAP

• Rich set of features

– Template and utility classes

– Search Filters

– ODM

– LDIF Parsing

– Transaction Management

– Connection Pooling

– Unchecked exception hierarchy

• Currently 1.3.2

• 2.0.0 in works

Page 16: LDAP Development Using Spring LDAP

Spring LDAP Application Development

Page 17: LDAP Development Using Spring LDAP

Spring LDAP Development

• Core Concepts

• Context Source

• LdapTemplate

Page 18: LDAP Development Using Spring LDAP

Spring LDAP Development

• Context Source

• Abstracts LDAP Connection

• LdapContextSource implementation

Page 19: LDAP Development Using Spring LDAP

LdapTemplate

• Provides Overloaded

• Search

• Lookup

• Bind/Unbind

• Authenticate methods

• Thread safe

Page 20: LDAP Development Using Spring LDAP

Spring LDAP Template Demo

Page 21: LDAP Development Using Spring LDAP

Integration Testing LDAP Code

• Integration Testing requirements

• Ability to spin up LDAP servers programmatically

• Programmatically start and stop servers

• We need to load data for each set of tests

• Embedded Servers

• Lightweight in nature

• Quick startup time

• Ease of configuration

• OpenDJ/OpenDS, ApacheDS, UnboundID

Page 22: LDAP Development Using Spring LDAP

LdapUnit

• Simplifies LDAP Testing

• Supports three embedded servers

• Provides abstraction for other servers to be plugged in

• Puts LDAP Server in a known state

• Works with Spring LDAP or standalone Java code

• Version 0.6.0

• Code on GitHub: https://github.com/bava/ldapunit

Page 23: LDAP Development Using Spring LDAP

LdapUnit Demo

Page 24: LDAP Development Using Spring LDAP

Spring LDAP ODM

Page 25: LDAP Development Using Spring LDAP

Spring LDAP ODM

• ORM for Databases

• Annotation Driven

• @Entry

• @Id

• @Attribute

• @Transient

Page 26: LDAP Development Using Spring LDAP

ODM Demo

Page 27: LDAP Development Using Spring LDAP

Spring LDAP ODM

• ORM Differences

• Caching of LDAP Entries not possible

• No XML mapping support

• Lazy loading of Entries not possible

Page 28: LDAP Development Using Spring LDAP

What else can we improve?

Page 29: LDAP Development Using Spring LDAP

Spring LDAP Authentication

    public boolean authenticate(String userid, String password) {
        // DistinguishedName.add() escapes the uid value when the DN is built
        DistinguishedName dn = new DistinguishedName(BASE_DN);
        dn.add("uid", userid);

        DirContext authenticatedContext = null;
        try {
            authenticatedContext = contextSource.getContext(dn.toString(), password);
            return true;
        }
        // org.springframework.ldap.NamingException (unchecked), not the JNDI one
        catch (NamingException e) {
            e.printStackTrace();
            return false;
        }
        finally {
            LdapUtils.closeContext(authenticatedContext);
        }
    }

Page 30: LDAP Development Using Spring LDAP

Spring LDAP Authentication

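    @Override
    public boolean authenticate(String userid, String password) {
        // EqualsFilter (org.springframework.ldap.filter) escapes userid, so filter
        // metacharacters in the input cannot change the search that is run
        return ldapTemplate.authenticate("", new EqualsFilter("uid", userid).encode(), password);
    }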

Page 31: LDAP Development Using Spring LDAP

Spring LDAP Authentication

    public boolean authenticate(String userid, String password) {
        EmployeeAuthenticationErrorCallback errorCallback = new EmployeeAuthenticationErrorCallback();
        // EqualsFilter escapes userid instead of concatenating it into the filter
        boolean isAuthenticated = ldapTemplate.authenticate("",
                new EqualsFilter("uid", userid).encode(), password, errorCallback);
        if (!isAuthenticated) {
            System.out.println(errorCallback.getAuthenticationException());
        }
        return isAuthenticated;
    }
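Added example, not from the slides or the Spring LDAP project: the RFC 4515 escaping that a (uid=...) filter built from a user-supplied id needs, plus the empty-password check to make before a simple bind, since a bind with a DN and an empty password is an unauthenticated bind (RFC 4513) that some servers accept. It uses only the JDK; the class and method names are hypothetical and the user ids are constructed. In Spring LDAP, EqualsFilter and LdapEncoder.filterEncode perform this escaping.

```java
public class LdapFilterEscapeExample {
    // RFC 4515 escaping for an assertion value: NUL ( ) * and \ are
    // replaced by a backslash and the two hex digits of the character.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Naive form, shown only for contrast: the value is pasted in verbatim.
    static String concatenatedFilter(String userid) {
        return "(uid=" + userid + ")";
    }

    // Hardened form: the value is escaped before it enters the filter.
    static String escapedFilter(String userid) {
        return "(uid=" + escapeFilterValue(userid) + ")";
    }

    // True when the value part holds no raw ( ) or * for the server to interpret.
    static boolean isPlainEquality(String filter) {
        String value = filter.substring("(uid=".length(), filter.length() - 1);
        return value.indexOf('(') < 0 && value.indexOf(')') < 0 && value.indexOf('*') < 0;
    }

    // Refuse empty credentials before binding (unauthenticated bind, RFC 4513).
    static boolean credentialsPresent(String userid, String password) {
        return userid != null && !userid.isEmpty() && password != null && !password.isEmpty();
    }

    public static void main(String[] args) {
        String[] constructed = { "jdoe", "j*", "jdoe)(cn=*" };  // constructed inputs
        for (String userid : constructed) {
            String naive = concatenatedFilter(userid), safe = escapedFilter(userid);
            System.out.println(naive + " plain=" + isPlainEquality(naive)
                    + " | " + safe + " plain=" + isPlainEquality(safe));
        }
        System.out.println("empty password allowed: " + credentialsPresent("jdoe", ""));
    }
}
```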

Page 32: LDAP Development Using Spring LDAP

Questions

Page 33: LDAP Development Using Spring LDAP


Thanks!