วิธีการเชื่อมต่อ PSU Passport ด้วย JSP ผ่าน LDAPS
ทดสอบบน : Windows 2008 R2 / IIS 7.5 / Tomcat 7
1. ดาวน์โหลด CA Certificate PSU Passport โดยเลือกเป็น Base 64 ดังรูป
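2. จากนั้นทำการ Import PSUCer เข้า keystore ของ java ก่อนประมาณนี้ครับ (ปรับเปลี่ยนตำแหน่งไฟล์ตาม Version ที่ลงครับ) (keystore password default : changeit) หมายเหตุ: เมื่อ import เข้า cacerts แล้ว โปรแกรม Java ทุกตัวที่ใช้ JRE นี้จะเชื่อถือ CA นี้ จึงควรตรวจสอบว่าไฟล์ certificate ได้มาจากแหล่งที่ถูกต้องก่อน import ครับ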
c:\>"c:\Program Files\Java\jre1.8.0_31\bin\keytool.exe" --import -file c:\certnew.cer -keystore "c:\Program Files\Java\jre1.8.0_31\lib\security\cacerts"
เป็นอันเสร็จขั้นตอนการติดตั้ง Certificate ในส่วนต่อไปจะเป็น Code คือแยกเป็น 2 file ซึ่งเป็น file class กับไฟล์ GUI ดังนี้ครับ
Class PSULdap (psuldap.jsp)
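<%@ page import="javax.servlet.http.Cookie" %>
<%@ page import="javax.naming.InitialContext"%>
<%@ page import="javax.naming.Context"%>
<%@ page import="java.lang.Object"%>
<%@ page import="java.util.Hashtable"%>
<%@ page import="java.io.*,java.util.*,javax.naming.*,javax.naming.directory.* " %>
<%@ page import="java.sql.*" %>
<%
/**
 * Authenticates a user against the directory over LDAPS (port 636 is the
 * LDAPS default, so the URL carries no explicit port) and returns a fixed
 * set of that user's attributes.
 *
 * The user's own credentials are used for a simple bind as
 * "username@psu"; after a successful bind the user's entry is looked up by
 * samaccountname.
 *
 * NOTE(review): hostname verification on LDAPS connections is enabled by
 * default only in JDK releases from 8u181 on; confirm the JRE in use
 * verifies the server name against the certificate.
 */
class PSULdap {

    /**
     * Binds with the given credentials and reads the user's attributes.
     *
     * @param server   host names of the directory servers, tried in order
     * @param basedn   search base
     * @param username account name as typed by the user (untrusted input)
     * @param password password as typed by the user
     * @return array parallel to the attribute list below:
     *         [0] = "success" or "fail";
     *         [1] = "permit"/"deny" on success, error text on failure;
     *         [2..21] = first value of each attribute, "" when absent
     */
    public String[] getAttributeFromLdap(String[] server, String basedn, String username, String password) {
        // Slots 0 and 1 are status slots, not directory attributes.
        String[] attributeFilter = {"authenstatus", "extension", "cn", "samaccountname", "employeeid",
                "citizenid", "company", "campusid", "department", "departmentid",
                "physicaldeliveryofficename", "positionid", "description", "displayname", "title",
                "personaltitle", "personaltitleid", "givenname", "sn", "sex", "userprincipalname", "mail"};
        String[] attributeAnswer = new String[attributeFilter.length];
        Arrays.fill(attributeAnswer, "");

        // An empty password must never reach the bind: the JNDI LDAP provider
        // treats empty credentials as authentication "none", so the bind would
        // succeed without proving who the user is.
        if (username == null || username.length() == 0 || password == null || password.length() == 0) {
            attributeAnswer[0] = "fail";
            attributeAnswer[1] = "missing username or password";
            return attributeAnswer;
        }
        if (server == null || server.length == 0) {
            attributeAnswer[0] = "fail";
            attributeAnswer[1] = "no LDAP server configured";
            return attributeAnswer;
        }

        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // NOTE(review): with referrals followed, the bind credentials may also be
        // presented to whichever server a referral names; confirm this is needed.
        env.put(Context.REFERRAL, "follow");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, username + "@psu");
        env.put(Context.SECURITY_CREDENTIALS, password);

        // {0} is filled in by JNDI, which escapes filter metacharacters in
        // string arguments; the user name is never concatenated into the filter.
        String filter = "(&(objectClass=user)(objectCategory=person)(samaccountname={0}))";

        boolean authenticated = false;
        for (int i = 0; i < server.length && !authenticated; i++) {
            DirContext dc = null;
            NamingEnumeration<SearchResult> answer = null;
            try {
                env.put(Context.PROVIDER_URL, "ldaps://" + server[i] + "/");
                dc = new InitialDirContext(env);

                SearchControls sc = new SearchControls();
                sc.setReturningAttributes(attributeFilter);
                sc.setSearchScope(SearchControls.SUBTREE_SCOPE);

                answer = dc.search(basedn, filter, new Object[] { username }, sc);
                attributeAnswer[1] = "deny";
                while (answer.hasMore()) {
                    Attributes attrs = answer.next().getAttributes();
                    for (int j = 2; j < attributeFilter.length; j++) {
                        Attribute attr = attrs.get(attributeFilter[j]);
                        if (attr != null && attr.size() > 0) {
                            Object value = attr.get();
                            attributeAnswer[j] = (value == null) ? "" : value.toString();
                            attributeAnswer[1] = "permit";
                        }
                    }
                }
                authenticated = true;
                attributeAnswer[0] = "success";
            } catch (AuthenticationException ex) {
                // The credentials were rejected. Trying them again on the remaining
                // servers would count one bad login several times toward lockout.
                attributeAnswer[0] = "fail";
                attributeAnswer[1] = ex.toString();
                break;
            } catch (NamingException ex) {
                // Connection or search problem: fall through to the next server.
                attributeAnswer[0] = "fail";
                attributeAnswer[1] = ex.toString();
            } finally {
                // Release the connection on every path, including failures.
                if (answer != null) {
                    try { answer.close(); } catch (NamingException ignored) { /* best effort */ }
                }
                if (dc != null) {
                    try { dc.close(); } catch (NamingException ignored) { /* best effort */ }
                }
            }
        }
        return attributeAnswer;
    }
}
%>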
Code Login (index.jsp)
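<%-- 'PSU Passport JSP-LDAP Weblogin Version 1.0.0 'Author : Jatuporn Chuchuay ISD CC PSU (Tel.2082) 'Update : 18/04/2013 --%>
<%-- Serve this page over HTTPS only: the form posts the user's password. --%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%!
    /**
     * Escapes a value for output inside HTML text. Directory attributes are
     * data, not markup, so they are escaped before being written to the page.
     */
    private String htmlEscape(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PSU Passport : JSP-LDAP example</title>
</head>
<body>
<%@ include file="psuldap.jsp" %>
<%
if ("POST".equalsIgnoreCase(request.getMethod())) {
    //DC1(VM),2(RACK),7(VM)-Hatyai,DC3(RACK)-Pattani,DC4(RACK)-Phuket,DC5(RACK)-Surat,DC6(RACK)-Trang
    String[] authentication_server = {"dc2.psu.ac.th", "dc7.psu.ac.th", "dc1.psu.ac.th"};
    String basedn = "dc=psu,dc=ac,dc=th";
    String username = request.getParameter("username");
    String password = request.getParameter("password");

    // A missing or empty field is a failed login; do not attempt a bind with it.
    boolean haveCredentials = username != null && username.length() > 0
            && password != null && password.length() > 0;
    String[] ldapAttr;
    if (haveCredentials) {
        PSULdap ldapObj = new PSULdap();
        ldapAttr = ldapObj.getAttributeFromLdap(authentication_server, basedn, username, password);
    } else {
        ldapAttr = new String[] {"fail", "missing username or password"};
    }

    //[0]=success/fail,[1]=success(permit/deny),fail(authenerror)
    //[2]=cn,[3]=samaccountname,[4]=employeeid,[5]=citizenid,[6]=company,[7]=campusid,[8]=department
    //[9]=departmentid,[10]=physicaldeliveryofficename,[11]=positionid,[12]=description,[13]=displayname
    //[14]=title,[15]=personaltitle,[16]=personaltitleid,[17]=givenname,[18]=sn,[19]=sex
    //[20]=userprincipalname,[21]=mail
    out.println("Authen Status : " + ldapAttr[0] + "<br/>");
    // equals(), not ==: the comparison must be on content, not object identity.
    if ("success".equals(ldapAttr[0])) {
        out.println("Priviledge : " + htmlEscape(ldapAttr[1]) + "<br/>");
        if ("permit".equals(ldapAttr[1])) {
            // This demo prints personal data (citizen ID included); a real
            // application should show only the fields it needs.
            out.println("<br/>>> User Profile <<<br/>");
            out.println("Account Name : " + htmlEscape(ldapAttr[3]) + "<br/>");
            out.println("Employee ID/Student ID : " + htmlEscape(ldapAttr[4]) + "<br/>");
            out.println("Citizen ID : " + htmlEscape(ldapAttr[5]) + "<br/>");
            out.println("CN : " + htmlEscape(ldapAttr[2]) + "<br/>");
            out.println("Campus : " + htmlEscape(ldapAttr[6]) + "(" + htmlEscape(ldapAttr[7]) + ")<br/>");
            out.println("Department : " + htmlEscape(ldapAttr[8]) + "(" + htmlEscape(ldapAttr[9]) + ")<br/>");
            out.println("Work Detail : " + htmlEscape(ldapAttr[10]) + "<br/>");
            out.println("Position ID : " + htmlEscape(ldapAttr[11]) + "<br/>");
            out.println("Description : " + htmlEscape(ldapAttr[12]) + "<br/>");
            out.println("Display Name : " + htmlEscape(ldapAttr[13]) + "<br/>");
            out.println("Detail : " + htmlEscape(ldapAttr[14]) + "<br/>");
            out.println("Title Name : " + htmlEscape(ldapAttr[15]) + "(" + htmlEscape(ldapAttr[16]) + ")<br/>");
            out.println("First Name : " + htmlEscape(ldapAttr[17]) + "<br/>");
            out.println("Last Name : " + htmlEscape(ldapAttr[18]) + "<br/>");
            out.println("Sex : " + htmlEscape(ldapAttr[19]) + "<br/>");
            out.println("Mail : " + htmlEscape(ldapAttr[20]) + "<br/>");
            out.println("Other Mail : " + htmlEscape(ldapAttr[21]) + "<br/>");
        }
    } else {
        //Uncomment for debug error code (exception text; keep it off production pages)
        //out.println("Authen Error Code : " + htmlEscape(ldapAttr[1]) + "<br/>");
    }
} else {
%>
This area is restricted.<br> Please login to continue.<br>in
<form method='post' action=''>
Username: <input type='text' name='username' value=''><br>
Password: <input type='password' name='password'><br>
<br>
<input type='submit' name='submit' value='Submit'><br>
</form>
<%
}
%>
</body>
</html>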