
Java Security


LDAP + SSL + Tomcat - please help!

843811 | Oct 10 2003 (edited Oct 24 2003)
Please help. I searched the whole site; I'm new to JNDI, security and eDirectory, and all I got was confusion and lots of exceptions.

Here's my problem: I'm trying to run a web application on the Tomcat web server. I have a login.html for users to log in to my application. Currently all usernames and passwords are stored in Novell eDirectory, and I have the following code.

<%@page import="javax.naming.*"%>
<%@page import="javax.naming.directory.*"%>
<%@page import="java.util.*"%>

<%
String uid = request.getParameter("user");
// Assumes the login form posts the password in a field named "password".
String password = request.getParameter("password");

// Escape the LDAP filter metacharacters (RFC 2254) in the user-supplied name;
// otherwise a "*" or ")(" typed into the form rewrites the search filter.
StringBuffer safeUid = new StringBuffer();
for (int i = 0; uid != null && i < uid.length(); i++) {
    char c = uid.charAt(i);
    switch (c) {
        case '\\': safeUid.append("\\5c"); break;
        case '*':  safeUid.append("\\2a"); break;
        case '(':  safeUid.append("\\28"); break;
        case ')':  safeUid.append("\\29"); break;
        case '\0': safeUid.append("\\00"); break;
        default:   safeUid.append(c);
    }
}

// Verifying the eDirectory server only needs a trust store that holds its
// certificate (SSLMASTER.DER); no client key store is involved.
System.setProperty("javax.net.ssl.trustStore", "c:/j2sdk1.4.0/jre/lib/security/cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
// Handshake tracing; drop this line once the connection works.
System.setProperty("javax.net.debug", "ssl");

// Step 1: bind with the read-only service account and find the user's DN.
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldaps://10.1.1.199:636/o=hcfhe");  // ldaps = LDAP over SSL
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "cn=ldapbrowse,ou=it,o=hcfhe");
env.put(Context.SECURITY_CREDENTIALS, "ldapbrowse");
env.put("java.naming.ldap.version", "3");

boolean authenticated = false;
DirContext ctx = null;
try {
    // An empty password must never reach the bind: LDAP treats it as an
    // anonymous bind, which "succeeds" without checking anything.
    if (safeUid.length() > 0 && password != null && password.length() > 0) {
        ctx = new InitialDirContext(env);
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setReturningAttributes(new String[0]);  // only the DN is needed
        NamingEnumeration results = ctx.search("", "(cn=" + safeUid + ")", ctls);

        if (results.hasMore()) {
            SearchResult sr = (SearchResult) results.next();
            // getName() is relative to the search base; append the base for the full DN.
            String dn = sr.getName() + "," + ctx.getNameInNamespace();
            System.out.println("DN " + dn);

            // Step 2: prove the password by binding as the user.
            Hashtable userEnv = new Hashtable(env);
            userEnv.put(Context.SECURITY_PRINCIPAL, dn);
            userEnv.put(Context.SECURITY_CREDENTIALS, password);
            DirContext userCtx = new InitialDirContext(userEnv);
            userCtx.close();
            authenticated = true;
        }
    }
} catch (AuthenticationException e) {
    System.err.println("Bad username or password for " + uid);
} catch (NamingException e) {
    System.err.println("LDAP problem: " + e);
    e.printStackTrace();
} finally {
    if (ctx != null) {
        try { ctx.close(); } catch (NamingException ignored) {}
    }
}

response.sendRedirect(authenticated ? "index2.html" : "login.html");
%>

I am trying to authenticate my users over SSL to eDirectory, and HERE'S where I am totally lost (BTW, I can connect to my LDAP directory without SSL). My network administrator has given me a certificate from the server called SSLMASTER.DER, which I tried to install in the file called cacerts in java_home\jre\lib\security using keytool, and it seems to be there according to the keytool -list command.

and I edited server.xml:

<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
<Parameter name="port" value="8443"/>
<Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory"/>
<!-- This keystore is Tomcat's own server key store: it must hold the private key and
     certificate Tomcat presents to browsers on port 8443. cacerts is a trust store with
     no private key, and this connector plays no part in the outbound LDAP connection. -->
<Parameter name="keystore" value="C:/jakarta-tomcat-3.2.4/conf/.keystore" />
<Parameter name="keypass" value="changeit"/>
<!-- clientAuth=true makes Tomcat demand a client certificate from every browser;
     leave it false unless users actually have certificates. -->
<Parameter name="clientAuth" value="false"/>
</Connector>


Now I restart Tomcat and type in the following URL:

http://localhost:8080/college_register/uk/ac/havering-college/index122.html, then I enter the username and password; when submitted it goes to the above Java code. Even if I use https://localhost:8443/college_register/uk/ac/havering-college/index122.html, I still get the error below.

javax.naming.CommunicationException: simple bind failed: 10.1.1.199:636. Root exception is javax.net.ssl.SSLHandshakeException: Couldn't find trusted certificate
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA6275)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
        at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
        at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:69)
        at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:127)
        at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:385)
        at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:309)
        at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:168)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2516)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:263)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:76)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
        at javax.naming.InitialContext.init(InitialContext.java:219)
        at javax.naming.InitialContext.<init>(InitialContext.java:195)
        at javax.naming.directory.InitialDirContext.<init>


Please tell me what else I need to do.
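Editor's note, added as a diagnostic example and not part of the original post or of any Oracle or Novell code: "Couldn't find trusted certificate" is raised by JSSE when neither the server certificate nor its issuer is in the trust store the running JVM actually uses, and that store is resolved from the java.home of the JVM running Tomcat, not necessarily the c:\j2sdk1.4.0 copy edited with keytool (a Windows JDK install typically also drops a separate public JRE). The Tomcat connector's keystore and clientAuth settings have no effect on this outbound connection. The program below, run under the same JVM as Tomcat, prints that java.home, lists what the trust store contains, then performs a bare TLS handshake to port 636 and prints the certificate chain the server sends, so the issuer name can be compared against the imported entry. The class name LdapSslCheck is chosen here; host 10.1.1.199 and port 636 come from the post; the trust store path defaults to the running JVM's cacerts unless -Djavax.net.ssl.trustStore is given. The import command assumed to have been used is the standard one: keytool -import -trustcacerts -alias sslmaster -file SSLMASTER.DER -keystore <that cacerts>.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/**
 * Usage (run with the SAME java.exe that starts Tomcat):
 *   java [-Djavax.net.ssl.trustStore=path] LdapSslCheck 10.1.1.199 636
 * Written for JDK 1.4 (no generics), matching the JVM in the post.
 */
public class LdapSslCheck {

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "10.1.1.199";   // eDirectory host from the post
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;

        // 1. Which JRE is this? Tomcat sees the cacerts under *this* java.home,
        //    not the one the certificate was imported into with keytool.
        String javaHome = System.getProperty("java.home");
        String trustStore = System.getProperty("javax.net.ssl.trustStore",
                javaHome + "/lib/security/cacerts");
        String trustPass = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        System.out.println("java.home   = " + javaHome);
        System.out.println("trust store = " + trustStore);

        // 2. List the trust store so the imported alias (e.g. "sslmaster") can be confirmed.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(trustStore);
        try {
            ks.load(in, trustPass.toCharArray());
        } finally {
            in.close();
        }
        System.out.println("trusted entries: " + ks.size());
        for (Enumeration e = ks.aliases(); e.hasMoreElements();) {
            String alias = (String) e.nextElement();
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                System.out.println("  " + alias + " -> " + ((X509Certificate) c).getSubjectDN());
            }
        }

        // 3. Bare TLS handshake to the LDAP port, using the trust store chosen above.
        //    If this throws "Couldn't find trusted certificate", compare the issuer
        //    printed by a working run (or by openssl s_client) with the subjects above:
        //    the issuer, or the server cert itself if self-signed, must be present.
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", trustPass);
        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket s = (SSLSocket) f.createSocket(host, port);
        try {
            s.startHandshake();
            Certificate[] chain = s.getSession().getPeerCertificates();
            System.out.println("handshake OK with " + s.getSession().getCipherSuite());
            for (int i = 0; i < chain.length; i++) {
                X509Certificate x = (X509Certificate) chain[i];
                System.out.println("  [" + i + "] subject=" + x.getSubjectDN());
                System.out.println("      issuer =" + x.getIssuerDN());
                System.out.println("      expires=" + x.getNotAfter());
            }
        } finally {
            s.close();
        }
    }
}
```

Once the handshake succeeds here, the JNDI bind in the JSP will succeed with the same trust store settings; if it succeeds here but still fails inside Tomcat, the two are not running on the same java.home. Note that a raw SSLSocket (and the JDK 1.4 LDAP provider) does not check that the certificate's subject matches the host name, so the chain printed is proof of trust, not of identity.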
Post details: added Oct 10 2003, locked Nov 21 2003 (new comments cannot be posted). 2 comments, 692 views.