A user is accessing a restricted web application with JAAS (on Glassfish 2.1). LDAPRealm is used, and authentication is successfully performed from LDAP. A password policy should be installed for the users, so that they are forced to change passwords, have passwords of certain complexity/length, password failures and last N passwords should be checked. Password policy of LDAP server used (OpenDS) supports all this, but it is not obvious at all how to receive this kind of information in JAAS FORM login we are using, so that the information (i.e. "Please change you password") can be displayed to the user.
Do you have any ideas how to go about implementing this? Using database only is not an option, users need to be in LDAP. What is not obvious is whether to use LDAP pass开发者_StackOverflow社区word policies at all, or have it all programmed in our web application. I would like to avoid this and use LDAP's native password policies.
Thank you for answers and best regards, Bozo
Unfortunately, what you can do using JAAS is kind of constrained to a small set of operations that any login system can support. While LDAP supports a password policy, other login systems (eg keystores) may not, so JAAS cannot have code that requires this.
Hence, you'll have to talk to the LDAP server directly using either JNDI or possibly this library from Novell.
Got it. Have to use a SAM, since you cannot receive LoginException (with reason of login failure) in the existing auth mechanisms in Glassfish. Answer is here: How to override j_security_check in glassfish?
精彩评论