LDAP Logon and Password Management
I am just about to start off a new subproject which does logon and password management for LDAP. These are just my notes. Since this is for work, I can't post the full source code in the open, sorry. However, most of my readers should be competent enough to build it if they have to.
Some background
I don't like to create any unnecessary work for myself. Early on, I realized that once you log into one application on the application server, you are logged onto every application on that server. This holds for both WebSphere and Tomcat.
So I find it annoying when I go into a new project and I (or someone else) has to rebuild the logon use case with the change and manage password. Unfortunately, the proper enterprise solution tends to get expensive and is a separate project on its own. The proper enterprise solution would be an Identity Management solution such as Tivoli Identity Manager.
Because of time constraints, I am going to do the YAGNI approach so everything would be in one uber project. I'll split it off later.
My other goal is to make what I build into an archetype so we can use it with other projects as an asset.
Some notes to get me started
I have to hold the LDAP contexts so I do not use up any grace logins if I have to change the password on expiration.
I do not intend to put in any detailed error messages aside from "you got an error".
There is a servlet filter that runs after j_security_check; it does the expiration checks and forwards to the right pages.
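As an added illustration of that filter (example code, not the project's own), assuming the logon code stored the user's bound DirContext in the session under a key, that the directory exposes the pwdChangedTime operational attribute, and hypothetical names for the DN pattern, the change-password page and the maximum password age:

```java
import java.io.IOException;
import java.text.*;
import java.util.*;
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.servlet.*;
import javax.servlet.http.*;

/** Runs after j_security_check; forwards to the change-password page when the password has expired. */
public class PasswordExpirationFilter implements Filter {
    // Hypothetical values (not from the post): session key of the held context, DN pattern, change page, max age.
    static final String CONTEXT_KEY = "ldap.context";
    static final String DN_PATTERN = "uid=%s,ou=people,dc=example,dc=com";
    static final String CHANGE_PAGE = "/changePassword.jsp";
    static final long MAX_AGE_MILLIS = 90L * 24 * 60 * 60 * 1000;

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpSession session = request.getSession(false);
        String user = request.getRemoteUser();
        // Reuse the context bound at logon instead of binding again: on an
        // expired account every extra bind consumes one of the grace logins.
        DirContext ctx = session == null ? null : (DirContext) session.getAttribute(CONTEXT_KEY);
        // Not authenticated, no held context, or already on the change page: pass through.
        if (user == null || ctx == null || CHANGE_PAGE.equals(request.getServletPath())) {
            chain.doFilter(req, res);
            return;
        }
        try {
            // Operational attributes are only returned when requested by name.
            Attribute changed = ctx.getAttributes(String.format(DN_PATTERN, user),
                    new String[] {"pwdChangedTime"}).get("pwdChangedTime");
            if (changed != null && isExpired((String) changed.get(), new Date())) {
                request.getRequestDispatcher(CHANGE_PAGE).forward(req, res);
                return;
            }
        } catch (NamingException e) {
            throw new ServletException("Could not read password policy state", e);
        } catch (ParseException e) {
            throw new ServletException("Unparseable pwdChangedTime", e);
        }
        chain.doFilter(req, res);
    }

    /** pwdChangedTime is GeneralizedTime in UTC, e.g. 20070115120000Z. */
    static boolean isExpired(String changedTime, Date now) throws ParseException {
        SimpleDateFormat fmt = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
        fmt.setTimeZone(TimeZone.getTimeZone("UTC"));
        return now.getTime() - fmt.parse(changedTime).getTime() > MAX_AGE_MILLIS;
    }

    public void init(FilterConfig config) {}
    public void destroy() {}
}
```

Map the filter to the protected URLs in web.xml; the change-password page itself stays reachable so the user is not forwarded in a loop.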
Starting things off
To start things off I am going to use Maven's webapp archetype:
mvn archetype:create -DarchetypeArtifactId=maven-archetype-webapp -DgroupId=org.xxx -DartifactId=XxxLogon
Getting into the IDE
And since I am an Eclipse user, I just typed the following in the project directory:
mvn eclipse:eclipse
I chose this approach over using the Eclipse plug-in, because I find that the maven command line plugin gets updated more regularly than that of the Eclipse plug-in.
Unfortunately, the archetype does not support WTP. This isn't much of a surprise for me since I had issues with Maven and WTP a year before. It is disappointing that these were not integrated with the archetype. Anyway, I just added the plugin information and it seems to register as a webapp when I imported it into Eclipse.
I then put in the Maven Jetty plug-in and tested it out by going to http://localhost:8080/XxxLogon, and "Hello world" comes out successfully. Nice.
I recommend this approach rather than using the servers that run on WTP, because (after experimenting) JSP changes get applied automatically, with no need for a separate publish step.
Security
Now I have to make it force me to do a logon. However, when I put in the security-constraints (except for transport-guarantee, which I know should not work because I didn't set up SSL) it gives me the error "No realm". It turns out I need to set up a realm, but I couldn't find any realms for Jetty that use LDAP, so for now I used the HashUserRealm. I did this by adding the userRealms blob as shown in Maven2 Jetty Plugin: Configuration and created my realms.properties file, which looks like
trajano: passw0rd,everyone
Once I did that I can log in properly.
SSO test
I decided to deploy to WebSphere Application Server rather than Jetty since I haven't found out how to do multiple app deployments using the Jetty plugin. No biggie. I need to deploy it there in the end anyway.
Ran the XxxLogon app, entered my credentials, then went to the URL of the real app. Works like a charm!
Since I have eliminated the integration risk, I don't have to deal with that for a while now. Ya gotta like RUP's elaboration phase.
What's next?
In the next few days I am going to do the expiration handling and change of password.

2 comments:
Great stuff!!
I am currently working on the Curam platform. I find all the stuff posted on this blog quite useful. I really appreciate the effort you took to putting this together. I will definitely recommend this site to my other Curam developers.
I would also like to know if you answer to any questions users post on this blog related to Curam and such tools.
Depends on time and whether I know the answer. But keep it within the topic of the blog rather than putting it on random blog entries.