Add Other Methods of Authentication

eCommerce Beans allows you to search the Directory tree for a specific attribute and then authenticate the user with that attribute. Instead of a username, the client could authenticate with an email address, another standard attribute, or a custom-created attribute. Create a second authentication page that lets the user authenticate with an attribute other than the username.

  1. Create an HTML page with a text field to enter in the email address of a user.

  2. Open the HTML tag by typing <html>.

  3. Open the HEAD tag by typing <head>.

  4. Set a title by typing <title>Authentication by Email Address</title>.

  5. Close the HEAD tag by typing </head>.

  6. Open the BODY tag by typing <body>.

  7. Output a header 1 by typing <h1>Enter your email address and password</h1>.

  8. Open the form tag and set the method and action attributes of the form. The action attribute tells the browser where to post the form data. The statement is:


<form method = "post" action = "http://server_name:8080/servlet/auth2">

  9. Add one input text field with the input tag and name it email.


<input type = "text" size = "50" name = "email" />

  10. Add two buttons, a submit button and a reset button, then close the form, body, and html tags.


<input type = "submit" value = "Authenticate" />


<input type = "reset" value = "Clear Fields" />

Here is my code for the HTML page.


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
  <title>Authentication by Email Address</title>
</head>

<body bgcolor = "#ffffde">

<h1>Please Enter Your Email Address and Password</h1>

<form method = "post" action =
"http://edu-qc.provo.novell.com:8080/servlet/auth2">

  <table>
    <tr>
      <td>
        <p>Email Addr:</p>
      </td>
      <td>
        <!-- the field name must match the parameter the servlet reads:
             request.getParameter("email") -->
        <input type = "text" size = "50" name = "email" />
      </td>
    </tr>
    <tr>
      <td>
        <p>Password:</p>
      </td>
      <td>
        <input type = "password" size = "50" name = "password" />
      </td>
    </tr>
  </table>

  <br />

  <p>
    <input type = "submit" value = "Authenticate" />
    <input type = "reset" value = "Clear Fields" />
  </p>

</form>
</body>
</html>

  1. Now, let's create the servlet that will search for the user by his/her email address and look up the password for the user.

  2. Begin with the basic servlet stub from the previous exercise.

  3. Import the ECB libraries with the statements:


import com.novell.ecb.*;
import com.novell.ecb.ldap.*;
import com.novell.ecb.security.*;

  4. Instantiate an LdapConnection bean.

  5. In the doPost() method, instantiate a ContextlessLoginLdap bean.

  6. Create the string for the email attribute that you will pass to the bean's setFilter() method, with the statement:


String s = "mail=" + request.getParameter("email");

  7. Set the URL, filter, and password properties of the bean with the statements:


bean.setURL("ldap://edu-qc.provo.novell.com");
bean.setFilter(s);
bean.setPassword(request.getParameter("password"));

  8. Run the bean's execute() method.

  9. Create an HttpSession object, assign the bean's LDAP connection to the LdapConnection object, and store that connection in the session.


HttpSession session = request.getSession(true);
connection = bean.getLdapConnection();
session.setAttribute("Connection", connection);

  10. Welcome the user to the site and output their email address.

  11. Catch LdapAuthenticationException, LdapNameNotFoundException, LdapInvalidNameException, and CommandException, and output a message to the user along with the stack trace.

You have just written a servlet that authenticates to eDirectory using an email address. Here is my code.


import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.util.*;
import com.novell.ecb.ldap.*;
import com.novell.ecb.*;

public class auth2 extends HttpServlet
{
    private static final String CONTENT_TYPE = "text/html";

    //connection object I will use for any constant connections to the
    //eDirectory
    LdapConnection connection = null;

    public void init() throws ServletException
    {
    }

    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException
    {
        //sets output content type so the servlet knows what to output to the
        //browser
        response.setContentType(CONTENT_TYPE);

        //printwriter is how I output HTML to the browser
        PrintWriter out = response.getWriter();
        out.println("<html>");
        out.println("<head><title>Authentication Servlet</title></head>");
        out.println("<body bgcolor=\"#ffc800\">");

        //Instantiates a new Authentication Bean
        ContextlessLoginLdap bean = new ContextlessLoginLdap();

        //builds the search filter from the email field of the form
        String s = "mail=" + request.getParameter("email");
        System.out.println(s);

        //sets the required input properties of the bean
        bean.setURL("ldap://edu-qc.provo.novell.com");
        bean.setFilter(s);
        bean.setPassword(request.getParameter("password"));

        try
        {
            //calls the execute method of the bean; the execute method must be
            //contained within a try block. This is where you can catch the
            //necessary exceptions.
            bean.execute();

            //adds my connection object into the session
            HttpSession session = request.getSession(true);
            connection = bean.getLdapConnection();
            session.setAttribute("Connection", connection);

            if (bean.isAuthenticated())
            {
                //if authentication was successful, I'll let the user know
                out.println("<h1>Welcome, " + request.getParameter("email") +
                    "</h1>");
                out.println("<h3>Authentication Succeeded!</h3>");
            }
        }
        catch(LdapAuthenticationException e)
        {
            out.println("<h1>You must have typed your password incorrectly</h1>");
            //for a servlet used in a production environment, I probably would not
            //output the exception to the browser, but just to the console with a
            //System.out.println() statement. I send it to the browser here, just for
            //ease of debugging. the System.out.println() would go to the Tomcat
            //console on the server
            e.printStackTrace(out);
        }
        catch(LdapNameNotFoundException e)
        {
            out.println("<h1>Sorry, your name is not in the Directory!</h1>");
            e.printStackTrace(out);
        }
        catch(LdapInvalidNameException e)
        {
            out.println("<h1>The username is not in the proper LDAP naming " +
                "convention</h1>");
            e.printStackTrace(out);
        }
        catch(CommandException e)
        {
            out.println("<h1>This is a general command bean exception. Check the " +
                "stack trace for more detail.</h1>");
            e.printStackTrace(out);
        }
        catch (Exception e)
        {
            e.printStackTrace(out);
        }
        out.println("</body></html>");
    }

    //Clean up resources
    public void destroy()
    {
    }
}
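The servlet above concatenates the email request parameter straight into the LDAP search filter and echoes the same parameter into the response page, so filter metacharacters and HTML markup in the input are interpreted rather than treated as data. The class below is an added example, not part of the original tutorial or of eCommerce Beans; it escapes a value for use in a filter (RFC 4515) and for HTML output, and the names RequestValueEscaper, ldapFilterValue and html are hypothetical.

```java
import java.nio.charset.StandardCharsets;

/** Added example: escaping helpers for the auth2 servlet's request parameters (hypothetical names). */
public class RequestValueEscaper {

    /** Escapes a value for use inside an LDAP search filter (RFC 4515, section 3). */
    public static String ldapFilterValue(String value) {
        if (value == null) {
            // request.getParameter() returns null when the field is absent
            throw new IllegalArgumentException("missing parameter");
        }
        StringBuilder sb = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            // '*', '(', ')', '\' and NUL have meaning in a filter; non-ASCII bytes
            // are hex-escaped too, which RFC 4515 permits for any octet.
            if (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0 || c > 0x7f) {
                sb.append('\\').append(String.format("%02x", c));
            } else {
                sb.append((char) c);
            }
        }
        return sb.toString();
    }

    /** Escapes a value for HTML element content or a quoted attribute. */
    public static String html(String value) {
        StringBuilder sb = new StringBuilder();
        for (char ch : value.toCharArray()) {
            switch (ch) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(ch);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input standing in for request.getParameter("email").
        String email = "j*doe(test)@example.com";
        // In doPost(): bean.setFilter("mail=" + ldapFilterValue(email));
        System.out.println("mail=" + ldapFilterValue(email));
        // In doPost(): out.println("<h1>Welcome, " + html(email) + "</h1>");
        System.out.println("<h1>Welcome, " + html("<b>" + email + "</b>") + "</h1>");
    }
}
```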
