วิธีการเชื่อมต่อ PSU Passport ด้วย JSP ผ่าน LDAPS
ทดสอบบน : Windows 2008 R2 / IIS 7.5 / Tomcat 7
1. ดาวน์โหลด CA Certificate PSU Passport โดยเลือกเป็น Base 64 ดังรูป
2. จากนั้นทำการ Import PSUCer เข้า keystore ของ java ก่อนประมาณนี้ครับ (ปรับเปลี่ยนตำแหน่งไฟล์ตาม Version ที่ลงครับ (keystore password default : changeit)
c:\>"c:\Program Files\Java\jre1.8.0_31\bin\keytool.exe" --import -file c:\certnew.cer -keystore "c:\Program Files\Java\jre1.8.0_31\lib\security\cacerts"
เป็นอันเสร็จขั้นตอนการติดตั้ง Certificate ในส่วนต่อไปจะเป็น Code คือแยกเป็น 2 file ซึ่งเป็น file class กับไฟล์ GUI ดังนี้ครับ
Class PSULdap (psuldap.jsp)
<%@ page import="javax.servlet.http.Cookie" %>
<%@ page import="javax.naming.InitialContext"%>
<%@ page import="javax.naming.Context"%>
<%@ page import="java.lang.Object"%>
<%@ page import="java.util.Hashtable"%>
<%@ page import="java.io.*,java.util.*,javax.naming.*,javax.naming.directory.* " %>
<%@ page import="java.sql.*" %>
<%
class PSULdap {
public String[] getAttributeFromLdap(String[] server,String basedn, String username, String password)
{
String port = "636";
//[0]=success/fail,[1]=success(permit/deny),fail(authenerror)
String[] attributeFilter = {"authenstatus","extension","cn", "samaccountname", "employeeid", "citizenid", "company",
"campusid", "department", "departmentid", "physicaldeliveryofficename", "positionid",
"description", "displayname", "title", "personaltitle", "personaltitleid", "givenname",
"sn", "sex", "userprincipalname","mail"};
String[] attributeAnswer = {"","","","","","","","","","","","","","","","","","","","","",""};
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.REFERRAL, "follow");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL,username + "@psu");
env.put(Context.SECURITY_CREDENTIALS, password);
String authStatus = "fail";
int i=0;
while((i < server.length) && (authStatus == "fail")){
try {
env.put(Context.PROVIDER_URL, "ldaps://" + server[i] + "/");
DirContext dc = new InitialDirContext(env);
SearchControls sc = new SearchControls();
sc.setReturningAttributes(attributeFilter);
sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
String filter = "(&(objectClass=user)(objectCategory=person)(samaccountname="+username+"))";
NamingEnumeration answer = dc.search(basedn,filter,sc);
attributeAnswer[1] = "deny";
while (answer.hasMore()) {
SearchResult sr = (SearchResult) answer.next();
Attributes attrs = sr.getAttributes();
Attribute attr;
Enumeration vals;
for(int j = 2;j < attributeFilter.length; j++){
attr = attrs.get(attributeFilter[j]);
if(attr != null){
vals = attrs.get(attributeFilter[j]).getAll();
attributeAnswer[j] = (String)vals.nextElement();
attributeAnswer[1] = "permit";
}
}
}
authStatus = "pass";
dc.close();
attributeAnswer[0]="success";
}catch(NamingException ex) {
attributeAnswer[0]="fail";
attributeAnswer[1]=ex.toString();
}
i = i + 1;
}
return attributeAnswer;
}
}
%>
Code Login (index.jsp)
<%--
'PSU Passport JSP-LDAP Weblogin Version 1.0.0
'Author : Jatuporn Chuchuay ISD CC PSU (Tel.2082)
'Update : 18/04/2013
--%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PSU Passport : JSP-LDAP example</title>
</head>
<body>
<%@ include file="psuldap.jsp" %>
<%
if ("POST".equalsIgnoreCase(request.getMethod())){
//DC1(VM),2(RACK),7(VM)-Hatyai,DC3(RACK)-Pattani,DC4(RACK)-Phuket,DC5(RACK)-Surat,DC6(RACK)-Trang
String[] authentication_server = {"dc2.psu.ac.th","dc7.psu.ac.th","dc1.psu.ac.th"};
String basedn = "dc=psu,dc=ac,dc=th";
String username = request.getParameter("username");
String password = request.getParameter("password");
PSULdap ldapObj = new PSULdap();
String[] ldapAttr = ldapObj.getAttributeFromLdap(authentication_server,basedn,username,password);
//[0]=success/fail,[1]=success(permit/deny),fail(authenerror)
//[2]=cn,[3]=samaccountname,[4]=employeeid,[5]=citizenid,[6]=campus,[7]=campusid,[8]=department
//[9]=departmentid,[10]=workdetail,[11]=positionid,[12]=description,[13]=displayname
//[14]=detail,[15]=title,[16]=titleid,[17]=firstname,[18]=lastname,[19]=sex,[20]=mail[21]=othermail
out.println("Authen Status : " + ldapAttr[0] + "<br/>");
if(ldapAttr[0]=="success"){
out.println("Priviledge : " + ldapAttr[1] + "<br/>");
if(ldapAttr[1]=="permit"){
out.println("<br/>>> User Profile <<<br/>");
out.println("Account Name : " + ldapAttr[3] + "<br/>");
out.println("Employee ID/Student ID : " + ldapAttr[4] + "<br/>");
out.println("Citizen ID : " + ldapAttr[5] + "<br/>");
out.println("CN : " + ldapAttr[2] + "<br/>");
out.println("Campus : " + ldapAttr[6] + "(" + ldapAttr[7] + ")<br/>");
out.println("Department : " + ldapAttr[8] + "(" + ldapAttr[9] + ")<br/>");
out.println("Work Detail : " + ldapAttr[10] + "<br/>");
out.println("Position ID : " + ldapAttr[11] + "<br/>");
out.println("Description : " + ldapAttr[12] + "<br/>");
out.println("Display Name : " + ldapAttr[13] + "<br/>");
out.println("Detail : " + ldapAttr[14] + "<br/>");
out.println("Title Name : " + ldapAttr[15] + "(" + ldapAttr[16] + ")<br/>");
out.println("First Name : " + ldapAttr[17] + "<br/>");
out.println("Last Name : " + ldapAttr[18] + "<br/>");
out.println("Sex : " + ldapAttr[19] + "<br/>");
out.println("Mail : " + ldapAttr[20] + "<br/>");
out.println("Other Mail : " + ldapAttr[21] + "<br/>");
}
}else{
//Uncomment for debug error code
//out.println("Authen Error Code : " + ldapAttr[1] + "<br/>");
}
}else{
%>
This area is restricted.<br>
Please login to continue.<br>in
<form method='post' action=''>
Username: <input type='text' name='username' value=''><br>
Password: <input type='password' name='password'><br>
<br>
<input type='submit' name='submit' value='Submit'><br>
</form>
<%
}
%>
</body>
</html>
