Sorry to drag you through all these details, but hopefully it helps you see exactly why you need to not only use JNDI, but also to supply a specific context factory class instead of relying on an application server to handle that detail. In addition to that specificity, you also need to use a javax.naming.directory.DirContext, specifically designed for LDAP access, instead of the more generic javax.naming.Context object used in the last chapter.

The end result? Well, it's only about fifteen lines of code, but it establishes a connection to a directory server and returns that connection in the form of a DirContext object instance. This method replaces the context factory variable with Sun's LDAP provider instead of one of the vendor-specific classes you might see in your server's example code. It takes in the hostname and port number to connect to, as well as a username and password. The username and password can be null (the overloaded constructors pass in the null value when no username or password is provided), but if they are non-null, authentication to the directory server also occurs in this method. This authentication turns out to be vital; the user supplied will be the user under which actions like adding users, assigning permissions, and deleting groups are performed. If that user doesn't have sufficient permissions to perform these actions, the actions will fail. You'll see that when using the manager, the directory manager user is usually preferred for this initial connection. Add the following method, which puts all of these details into action, to the LDAPManager class:

    // Requires imports: java.util.Properties, javax.naming.Context,
    // javax.naming.NamingException, javax.naming.directory.DirContext,
    // javax.naming.directory.InitialDirContext
    private DirContext getInitialContext(String hostname, int port,
                                         String username, String password)
        throws NamingException {

        // Build the LDAP URL of the directory server
        String providerURL =
            new StringBuffer("ldap://")
                .append(hostname)
                .append(":")
                .append(port)
                .toString( );

        Properties props = new Properties( );
        props.put(Context.INITIAL_CONTEXT_FACTORY,
                  "com.sun.jndi.ldap.LdapCtxFactory");
        props.put(Context.PROVIDER_URL, providerURL);

        // Authenticate only when a username was supplied. A null password
        // becomes "", and a bind with a name but an empty password is not
        // authenticated as that user (RFC 4513 "unauthenticated bind").
        if ((username != null) && (!username.equals(""))) {
            props.put(Context.SECURITY_AUTHENTICATION, "simple");
            props.put(Context.SECURITY_PRINCIPAL, username);
            props.put(Context.SECURITY_CREDENTIALS,
                      ((password == null) ? "" : password));
        }

        return new InitialDirContext(props);
    }

Once a constructor invokes this method, the manager component has a DirContext to operate upon. But how does this relate to the directory server's structure? JNDI does not use semantics like "connection" or "organizational unit." So just as it is important to understand how service providers work, it is vital to grasp how the JNDI structures (the Context objects) relate to the directory server structure.

When the getInitialContext( ) method returns a DirContext instance, that instance is mapped to the very top level of the directory server's structure. In the Forethought case, this is the "root" of the tree where the organization is "forethought.com" (o=forethought.com). Objects bound to the naming service are then referred to in JNDI as subcontexts. Each subcontext is bound to a name, the object's DN. So for the user whose username is "shirlbg" and whose DN is uid=shirlbg,ou=People,o=forethought.com, the object is bound to the subcontext uid=shirlbg,ou=People,o=forethought.com under the top-level context. The DN of an object identifies not only the path to that object in the directory, but also the mapping of that object under the top-level directory context. Figure 6-4 shows how the JNDI contexts relate to the directory server hierarchy (you will remember this structure from Figure 3-11).

Figure 6-4. Mapping JNDI contexts to the Forethought directory server

The only other item you will have to deal with in detail is the javax.naming.directory.Attribute class. Each instance of this class represents a specific attribute for an object class. Thus, the common name, or cn, attribute of the inetOrgPerson object class can be retrieved, modified, and deleted using the Attribute class. Figure 6-5 takes a specific entry from the Forethought directory server, the sample user Shirley Greathouse[3] that I have been using in the examples in this chapter, and shows how its attributes relate to the JNDI Attribute class.

Figure 6-5. Attributes and directory server entries

6.2.3 Users

Now that you have a skeleton to build on, you simply need to add support for the object types used in the Forethought application: users, groups, and permissions. I'll start with users, as they are basic to any application
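
A hardened variant of the getInitialContext( ) method shown earlier in this section, added here as an example and not taken from the book: it connects over ldaps:// so the simple bind does not cross the network in cleartext, and it refuses a username paired with an empty password, which would otherwise be sent as an unauthenticated bind (RFC 4513, section 5.1.2). The class name, the buildEnvironment helper, the host, port 636, the DN and the password are assumptions constructed for illustration.

```java
import java.util.Properties;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Added example (not the book's code); names and sample values are hypothetical.
public class HardenedLdapConnect {
    // Builds the JNDI environment without opening a connection, so the
    // credential checks can be exercised offline.
    static Properties buildEnvironment(String hostname, int port,
                                       String username, String password) {
        Properties props = new Properties();
        props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // ldaps:// runs the whole session, including the bind, inside TLS.
        props.put(Context.PROVIDER_URL, "ldaps://" + hostname + ":" + port);
        // Fail fast instead of hanging on an unreachable server (milliseconds).
        props.put("com.sun.jndi.ldap.connect.timeout", "5000");
        boolean hasUser = username != null && !username.isEmpty();
        boolean hasPassword = password != null && !password.isEmpty();
        if (hasUser != hasPassword) {
            // A name with an empty password would not authenticate as that
            // user; refuse it instead of silently running with other rights.
            throw new IllegalArgumentException("username and password must both be set or both be empty");
        }
        if (hasUser) {
            props.put(Context.SECURITY_AUTHENTICATION, "simple");
            props.put(Context.SECURITY_PRINCIPAL, username);
            props.put(Context.SECURITY_CREDENTIALS, password);
        } else {
            props.put(Context.SECURITY_AUTHENTICATION, "none"); // explicit anonymous bind
        }
        return props;
    }

    static DirContext getInitialContext(String hostname, int port,
            String username, String password) throws NamingException {
        return new InitialDirContext(buildEnvironment(hostname, port, username, password));
    }

    public static void main(String[] args) {
        // Constructed inputs; no directory server is contacted here.
        Properties ok = buildEnvironment("ldap.example.com", 636, "cn=Directory Manager", "constructed-password");
        System.out.println(ok.getProperty(Context.PROVIDER_URL));
        try {
            buildEnvironment("ldap.example.com", 636, "cn=Directory Manager", "");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```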