Can anybody describe to me how to get additional user attributes from AD using WebLogic security? I have configured a security provider and am trying to authenticate in my JEE application.

        HttpServletRequest request =
            (HttpServletRequest)((ServletRequest)ADFContext.getCurrent().getEnvironment().getRequest());
        CallbackHandler handler =
            new SimpleCallbackHandler(username, password);               
        try {
            Subject subject = Authentication.login(handler);
            ServletAuthentication.runAs(subject, request);              
        } catch (Exception e) {
            e.printStackTrace();
            return "fail";
        }

Everything is OK. But from the Subject I can get only the user login and role, and I need the user's phone and employeeNumber. How can I do it?

Solution

Once you have retrieved the user name from the Subject you're going to have to issue an LDAP query to get the extra information. It will look something like the following:

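    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingEnumeration;
    import javax.naming.directory.*;

    Hashtable<String, Object> properties = new Hashtable<>();
    properties.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    properties.put(Context.PROVIDER_URL, "LDAP://yourldap:389");
    properties.put(Context.SECURITY_PRINCIPAL, ldapqueryuser + "@yourldap");
    properties.put(Context.SECURITY_CREDENTIALS, ldapqueryuserpassword);

    // initializing active directory LDAP connection
    DirContext dirContext = new InitialDirContext(properties);
    // name: search base DN, filter: LDAP filter string, cons: SearchControls
    NamingEnumeration<SearchResult> results = dirContext.search(name, filter, cons);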

These examples are pretty thorough:

http://docs.oracle.com/javase/jndi/tutorial/getStarted/examples/directory.html

http://myjeeva.com/querying-active-directory-using-java.html

The Javadoc for InitialDirContext is here:

http://docs.oracle.com/javase/7/docs/api/javax/naming/directory/InitialDirContext.html
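
An added example (not part of the original answer) that completes the lookup for the two attributes the question asks about. It passes the login name as a JNDI filter argument (`{0}`), which the provider escapes, so a crafted user name cannot alter the filter. The host, base DN, LDAPS port, the `telephoneNumber` attribute name and the helper names `lookup` and `first` are assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class AdUserLookup {
    // Placeholders (assumptions): replace with your directory's values.
    static final String URL = "ldaps://yourldap:636";   // LDAPS keeps the bind password off the wire in clear
    static final String BASE_DN = "DC=example,DC=com";
    static final String[] WANTED = {"telephoneNumber", "employeeNumber"};

    /** Returns the requested attributes for one login, or null if no entry matches. */
    static Attributes lookup(String login, String bindUser, String bindPassword)
            throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindUser + "@yourldap");
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);

        SearchControls cons = new SearchControls();
        cons.setSearchScope(SearchControls.SUBTREE_SCOPE);
        cons.setReturningAttributes(WANTED);   // fetch only what is needed

        DirContext ctx = new InitialDirContext(env);
        try {
            // {0} is substituted by JNDI with filter metacharacters escaped.
            NamingEnumeration<SearchResult> results = ctx.search(
                BASE_DN, "(&(objectClass=user)(sAMAccountName={0}))",
                new Object[] {login}, cons);
            return results.hasMore() ? results.next().getAttributes() : null;
        } finally {
            ctx.close();   // release the bound connection
        }
    }

    /** First value of an attribute as a string, or null when it is not set. */
    static String first(Attributes attrs, String id) throws NamingException {
        Attribute a = (attrs == null) ? null : attrs.get(id);
        return (a == null) ? null : String.valueOf(a.get());
    }
}
```

Call `lookup` with the user name taken from the Subject after `Authentication.login`, then read each value with `first(attrs, "employeeNumber")`.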

Licensed under: CC-BY-SA with attribution