การเชื่อมต่อ PSU Passport : JSP-LDAP

วิธีการเชื่อมต่อ PSU Passport ด้วย JSP ผ่าน LDAPS

ทดสอบบน : Windows 2008 R2 / IIS 7.5 / Tomcat 7

1. ดาวน์โหลด CA Certificate PSU Passport โดยเลือกเป็น Base 64 ดังรูป
2015-01-27_153731

2. จากนั้นทำการ Import PSUCer เข้า keystore ของ java ก่อนประมาณนี้ครับ (ปรับเปลี่ยนตำแหน่งไฟล์ตาม Version ที่ลงครับ (keystore password default : changeit))

c:\>"c:\Program Files\Java\jre1.8.0_31\bin\keytool.exe" --import -file c:\certnew.cer -keystore "c:\Program Files\Java\jre1.8.0_31\lib\security\cacerts"

เป็นอันเสร็จขั้นตอนการติดตั้ง Certificate ในส่วนต่อไปจะเป็น Code คือแยกเป็น 2 file ซึ่งเป็น file class กับไฟล์ GUI ดังนี้ครับ

Class PSULdap (psuldap.jsp)

<%@ page import="javax.servlet.http.Cookie" %>
<%@ page import="javax.naming.InitialContext"%>
<%@ page import="javax.naming.Context"%>
<%@ page import="java.lang.Object"%>
<%@ page import="java.util.Hashtable"%>
<%@ page import="java.io.*,java.util.*,javax.naming.*,javax.naming.directory.* " %>
<%@ page import="java.sql.*" %>
<%
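class PSULdap {
 // Attributes requested from the directory. The returned array uses the same positions:
 // [0]=success/fail, [1]=permit/deny (on success) or the NamingException text (on fail),
 // [2]=cn, [3]=samaccountname, ... [21]=mail. Slots 0 and 1 are status slots, not real attributes.
 // (No static members: this class is declared inside a JSP scriptlet, i.e. it is a local class.)
 private final String[] attributeFilter = {"authenstatus","extension","cn", "samaccountname", "employeeid", "citizenid", "company",
  "campusid", "department", "departmentid", "physicaldeliveryofficename", "positionid",
  "description", "displayname", "title", "personaltitle", "personaltitleid", "givenname",
  "sn", "sex", "userprincipalname","mail"};

 /**
  * Authenticates {@code username}/{@code password} against the first reachable server
  * (simple bind as {@code username@psu} over ldaps://, i.e. the default port 636) and reads
  * the user's attributes.
  *
  * @param server   host names tried in order; the loop stops after the first successful bind and search
  * @param basedn   search base, e.g. "dc=psu,dc=ac,dc=th"
  * @param username sAMAccountName; used as the bind principal and, escaped, inside the search filter
  * @param password bind password; an empty one is rejected before any connection is made
  * @return the status/attribute array described above; never null and never contains null
  *         (attributes the user lacks stay ""). If {@code server} is empty every slot is "".
  */
 public String[] getAttributeFromLdap(String[] server,String basedn, String username, String password)
 {
  String[] attributeAnswer = new String[attributeFilter.length];
  Arrays.fill(attributeAnswer, "");

  // With simple authentication an empty password makes the LDAP server perform an
  // unauthenticated (anonymous) bind, which can "succeed" without checking anything.
  if (username == null || username.trim().isEmpty() || password == null || password.isEmpty()) {
   attributeAnswer[0] = "fail";
   attributeAnswer[1] = "missing username or password";
   return attributeAnswer;
  }

  Hashtable<String, Object> env = new Hashtable<String, Object>();
  env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
  env.put(Context.REFERRAL, "follow");
  env.put(Context.SECURITY_AUTHENTICATION, "simple");
  env.put(Context.SECURITY_PRINCIPAL, username + "@psu");
  env.put(Context.SECURITY_CREDENTIALS, password);

  // The username comes from the login form: escape it so it cannot change the filter structure.
  String filter = "(&(objectClass=user)(objectCategory=person)(samaccountname=" + escapeFilterValue(username) + "))";

  SearchControls sc = new SearchControls();
  sc.setReturningAttributes(attributeFilter);
  sc.setSearchScope(SearchControls.SUBTREE_SCOPE);

  boolean done = false;
  for (int i = 0; i < server.length && !done; i++) {
   env.put(Context.PROVIDER_URL, "ldaps://" + server[i] + "/");
   DirContext dc = null;
   try {
    dc = new InitialDirContext(env);   // performs the bind; a wrong password throws NamingException
    NamingEnumeration<SearchResult> answer = dc.search(basedn, filter, sc);
    attributeAnswer[1] = "deny";        // bound, but no attribute seen yet
    while (answer.hasMore()) {
     Attributes attrs = answer.next().getAttributes();
     for (int j = 2; j < attributeFilter.length; j++) {
      Attribute attr = attrs.get(attributeFilter[j]);
      if (attr != null) {
       Object first = attr.get();      // first value only, as before
       attributeAnswer[j] = (first instanceof String) ? (String) first : String.valueOf(first);
       attributeAnswer[1] = "permit";
      }
     }
    }
    attributeAnswer[0] = "success";
    done = true;                         // do not try the remaining servers
   } catch (NamingException ex) {
    // Connection, bind or search failure on this server: record it and try the next one.
    // The text may contain host names/DNs; keep it for server-side logs, do not echo it to end users.
    attributeAnswer[0] = "fail";
    attributeAnswer[1] = ex.toString();
   } finally {
    // close in all cases; the original only closed on the success path and leaked on exceptions
    if (dc != null) {
     try {
      dc.close();
     } catch (NamingException ignored) {
      // the result is already decided; a failure to close changes nothing for the caller
     }
    }
   }
  }
  return attributeAnswer;
 }

 /**
  * Escapes a value for use inside an LDAP search filter (RFC 4515 section 3): the characters
  * '\', '*', '(', ')' and NUL become "\5c", "\2a", "\28", "\29" and "\00".
  *
  * @param value raw assertion value (non-null)
  * @return the escaped value, safe to concatenate into a filter
  */
 private String escapeFilterValue(String value) {
  StringBuilder sb = new StringBuilder(value.length());
  for (int k = 0; k < value.length(); k++) {
   char c = value.charAt(k);
   switch (c) {
    case '\\': sb.append("\\5c"); break;
    case '*':  sb.append("\\2a"); break;
    case '(':  sb.append("\\28"); break;
    case ')':  sb.append("\\29"); break;
    case '\0': sb.append("\\00"); break;
    default:   sb.append(c);
   }
  }
  return sb.toString();
 }
}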
%>

Code Login (index.jsp)

<%--
'PSU Passport JSP-LDAP Weblogin Version 1.0.0
'Author : Jatuporn Chuchuay ISD CC PSU (Tel.2082)
'Update : 18/04/2013
--%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PSU Passport : JSP-LDAP example</title>
</head>
<body>
<%@ include file="psuldap.jsp" %>
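<%
if ("POST".equalsIgnoreCase(request.getMethod())){
 // Local helper (scriptlet scope, so no static members): HTML-escape directory values before
 // they are written into the page. The values come from the directory, not from this code,
 // so they are treated as untrusted output.
 class HtmlText {
  String escape(String s) {
   if (s == null) {
    return "";
   }
   StringBuilder sb = new StringBuilder(s.length());
   for (int k = 0; k < s.length(); k++) {
    char c = s.charAt(k);
    if (c == '&') { sb.append("&amp;"); }
    else if (c == '<') { sb.append("&lt;"); }
    else if (c == '>') { sb.append("&gt;"); }
    else if (c == '"') { sb.append("&quot;"); }
    else if (c == '\'') { sb.append("&#39;"); }
    else { sb.append(c); }
   }
   return sb.toString();
  }
 }
 HtmlText html = new HtmlText();

 //DC1(VM),2(RACK),7(VM)-Hatyai,DC3(RACK)-Pattani,DC4(RACK)-Phuket,DC5(RACK)-Surat,DC6(RACK)-Trang
 String[] authentication_server = {"dc2.psu.ac.th","dc7.psu.ac.th","dc1.psu.ac.th"};
 String basedn = "dc=psu,dc=ac,dc=th";
 String username = request.getParameter("username");
 String password = request.getParameter("password");

 PSULdap ldapObj = new PSULdap();
 String[] ldapAttr = ldapObj.getAttributeFromLdap(authentication_server,basedn,username,password);
 //[0]=success/fail,[1]=success(permit/deny),fail(authenerror)
 //[2]=cn,[3]=samaccountname,[4]=employeeid,[5]=citizenid,[6]=campus,[7]=campusid,[8]=department
 //[9]=departmentid,[10]=workdetail,[11]=positionid,[12]=description,[13]=displayname
 //[14]=detail,[15]=title,[16]=titleid,[17]=firstname,[18]=lastname,[19]=sex,[20]=mail[21]=othermail
 out.println("Authen Status : " + html.escape(ldapAttr[0]) + "<br/>");
 // Strings are compared with equals(); == only happened to work because both sides were literals.
 if("success".equals(ldapAttr[0])){
  out.println("Priviledge : " + html.escape(ldapAttr[1]) + "<br/>");
  if("permit".equals(ldapAttr[1])){
   out.println("<br/>>> User Profile <<<br/>");
   out.println("Account Name : " + html.escape(ldapAttr[3]) + "<br/>");
   out.println("Employee ID/Student ID : " + html.escape(ldapAttr[4]) + "<br/>");
   out.println("Citizen ID : " + html.escape(ldapAttr[5]) + "<br/>");
   out.println("CN : " + html.escape(ldapAttr[2]) + "<br/>");
   out.println("Campus : " + html.escape(ldapAttr[6]) + "(" + html.escape(ldapAttr[7]) + ")<br/>");
   out.println("Department : " + html.escape(ldapAttr[8]) + "(" + html.escape(ldapAttr[9]) + ")<br/>");
   out.println("Work Detail : " + html.escape(ldapAttr[10]) + "<br/>");
   out.println("Position ID : " + html.escape(ldapAttr[11]) + "<br/>");
   out.println("Description : " + html.escape(ldapAttr[12]) + "<br/>");
   out.println("Display Name : " + html.escape(ldapAttr[13]) + "<br/>");
   out.println("Detail : " + html.escape(ldapAttr[14]) + "<br/>");
   out.println("Title Name : " + html.escape(ldapAttr[15]) + "(" + html.escape(ldapAttr[16]) + ")<br/>");
   out.println("First Name : " + html.escape(ldapAttr[17]) + "<br/>");
   out.println("Last Name : " + html.escape(ldapAttr[18]) + "<br/>");
   out.println("Sex : " + html.escape(ldapAttr[19]) + "<br/>");
   out.println("Mail : " + html.escape(ldapAttr[20]) + "<br/>");
   out.println("Other Mail : " + html.escape(ldapAttr[21]) + "<br/>");
  }
 }else{
  // ldapAttr[1] holds the NamingException text on failure (may name hosts/DNs);
  // uncomment only for debugging on a test server, not for end users.
  //out.println("Authen Error Code : " + html.escape(ldapAttr[1]) + "<br/>");
 }

}else{
%>
This area is restricted.<br>
Please login to continue.<br>

<form method='post' action=''>
Username: <input type='text' name='username' value=''><br>
Password: <input type='password' name='password'><br>
<br>
<input type='submit' name='submit' value='Submit'><br>
</form>
<%
}
%>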
</body>
</html>
