DeveloperNet University Home > Online Courses > Novell eCommerce Beans

eBook (Printable PDF format)

Use HTML and a Servlet to Build an Authentication Page

Create an HTML page with two text boxes, one for the username and one for the password. Have the HTML page submit to a Java Servlet that will check to see if the user exists in eDirectory. If the user authenticates, send them to a welcome page that welcomes them to the site and displays their username. If the user does not exist, return a message to the user or redirect them to a page that tells them so. Be sure to catch the necessary exceptions. Remember that the user will not know their LDAP context. The steps to complete the exercise are outlined below.

1. Create an HTML page with a text box and a password field. Add two buttons for submit and reset to the page.
   
   
2. If you have an HTML editor, you can use it and create a new project with an HTML page called auth1.html.
   
   
3. On the HTML page, insert the doctype declaration first to declare the version of HTML you are using. I have been using XHTML 1.0 so here is my doctype declaration:
   
   

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

1. Open the HTML tag by typing <html>.
   
   
2. Open the HEAD tag by typing <head>.
   
   
3. Set a title by typing <title>Authentication Page</title>.
   
   
4. Close the HEAD tag by typing </head>
   
   
5. Open the BODY tag by typing <body>.
   
   
6. Output a header 1 by typing <h1>Enter your username and password</h1>.
   
   
7. Open the form tag and complete the method and post attributes of the form. This tells the HTML page where it is posting. The statement is:
   
   

<form method = "post" action = "http://server_name:8080/servlet/auth1">

1. Open two input text fields with the input tag and label their names username and password.
   
   

<input type = "text" size = "50" name = "username" />
<input type = "password" size = "50" name = "password" />

1. Open two buttons, a submit and reset button, then close the form, body and html tags.
   
   

<input type = "submit" value = "Authenticate" />
<input type = "reset" value = "Clear Fields" />

Here is the HTML page I created.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
   
<html>
<head>
<title>Authenticate to eDirectory</title>
</head>
   
<body bgcolor = "ffffde">
   
<h1>Please Enter Your Username and Password</h1>
   
<form method = "post" action = "http://edu-qc.provo.novell.com:8080/servlet/auth1">
   
<p><label>Username:<input type = "text" size = "50" name = "username" /></label></p>
<p><label>Password:<input type = "password" size = "50" name = "password" /></label></p>
<br>
   
<p>
   <input type = "submit" value = "Authenticate" />
   <input type = "reset" value = "Clear Fields" />
</p>
   
</form>
   
</body>
</html>

2. Now create a Java Servlet to handle the authentication and dynamic display back to the user whether their authentication was accepted or rejected.
   
   
3. I created a new project and servlet in JBuilder, which gave me the following stub. We can just add our code to this stub until it is complete.
   
   

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.util.*;
   
public class Servlet1 extends HttpServlet
{
   private static final String CONTENT_TYPE = "text/html";
   public void init() throws ServletException
   {
   }
   //Process the HTTP Post request
   public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException
   {
      response.setContentType(CONTENT_TYPE);
      PrintWriter out = response.getWriter();
      out.println("<html>");
      out.println("<head><title>Servlet1</title></head>");
      out.println("<body bgcolor=\"#ffffc0\">");
      out.println("<p>The servlet has received a POST. This is the reply.</p>");
      out.println("</body></html>");
   }
   //Clean up resources
   public void destroy()
   {
   }
}

1. First you need to add the 3 eCommerce Beans libraries to your classpath and import them into your servlet. The import statements are:
   
   

import com.novell.ecb.*;
import com.novell.ecb.ldap.*;
import com.novell.ecb.security.*

1. Next, you can instantiate an LdapConnection as a class member. We really won't use this object in this program, but we will in the following programs.
   
   
2. You only need to override the doPost method. So you should put all the code in the doPost method, or if you want to create additional functions outside of doPost and have doPost be the "driver" that works too.
   
   
3. Instantiate an AuthenticateLdap bean with the line: AuthenticateLdap bean = new AuthenticateLdap();.
   
   
4. Next, create a string that will be used to provide eDirectory with the fully distinguished name and concatenate the LDAP context to the username. I do this with the statement:
   
   

String s = "cn=" + request.getParameter("username") + ", o=novell";

1. Now, set the input properties of the AuthenticateLdap bean with the following statements:
   
   

bean.setURL("ldap://edu-qc.provo.novell.com"); //edu-qc is my
server name.  Substitute your server name here.  
   bean.setDN(s);
   bean.setPassword(request.getParameter("password"));

1. Now, that the properties are set, you can call the bean's execute method and set your connection object. I also inserted my connection object into the session.
   
   
2. Now you want to use out.println() statements to display a message to the user if authentication succeeded.
   
   
3. You should catch the following exceptions which will be common errors in the program. Catch LdapAuthenticationException, LdapNameNotFoundException, LdapInvalidNameException, and CommandException. Just display a message to the user that the exception occurred.
   
   
4. You have just written a simple authentication into eDirectory. Take a look at my code for the servlet below.
   
   

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.util.*;
import com.novell.ecb.ldap.*;
import com.novell.ecb.*;
   
public class auth1 extends HttpServlet
{
   private static final String CONTENT_TYPE = "text/html";
   //connection object I will use for any constant connections to the eDirectory
   LdapConnection connection = null;
   public void init() throws ServletException
   {
   }
   public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException
   {
      //sets output content type so the servlet knows what to output to the
      browser response.setContentType(CONTENT_TYPE);
   
   //printwriter is how I output HTML to the browser
   PrintWriter out = response.getWriter();
   out.println("<html>");
   out.println("<head><title>Authentication Servlet</title></head>");
   out.println("<body bgcolor=\"#ffc800\">");
   
   //Instantiates a new Authentication Bean
   AuthenticateLdap bean = new AuthenticateLdap();
   
   //puts the username in proper LDAP name
   String s = "cn=" + request.getParameter("username") + ", o=novell";
   
   //sets the required input properties of the bean
   bean.setURL("ldap://edu-qc.provo.novell.com");
   bean.setDN(s);
   bean.setPassword(request.getParameter("password"));
   
   try
   {
      //calls the execute method of the method; the execute method must be 
      //contained within a try block.  This is where you can catch the necessary
      //exceptions.
      bean.execute();
   
      //creates a session adds my connection object into the session
      HttpSession session = request.getSession(true);
      connection = bean.getLdapConnection();
      session.setAttribute("Connection", connection);
   
      if (bean.isAuthenticated())
      {
         //if authentication was successful, I'll let the user know
         out.println("<h1>Welcome, " + request.getParameter("username") +
            "</h1>");
         out.println("<h3>Authentication Succeeded!</h3>");
      }
   }
   catch(LdapAuthenticationException e)
   {
      out.println("<h1>You must have typed your password incorrectly</h1");
      //for a servlet used in a production environment, I probably would not
      //output the exception to the browser, but just to the console with a
      //System.out.println() statement.  I send it to the browser here, just for
      //ease of debugging. the System.out.println() would go to the Tomcat
      //console on the server
      e.printStackTrace(out);
   }
   catch(LdapNameNotFoundException e)
   {
      out.println("<h1>Sorry, your name is not in the Directory!</h1>");
      e.printStackTrace(out);
   }
   catch(LdapInvalidNameException e)
   {
      out.println("<h1>The username is not in the proper LDAP naming
         convention</h1>");
      e.printStackTrace(out);
   }
   catch(CommandException e)
   {
      out.println("<h1>This is a general command bean exception.  Check the
      stack trace for more detail.</h1>");
      e.printStackTrace(out);
      }
      catch (Exception e)
      {
         e.printStackTrace(out);
      }
      out.println("</body></html>");
   }
   //Clean up resources
   public void destroy()
   {
   }
}