There are two ways to verify user's password -
1) Use "UserRegistry"
public static boolean checkUserAuthenticatedLDAP(String userId, String password) {
try {
Context ctx = new InitialContext();
com.ibm.websphere.security.UserRegistry reg = (com.ibm.websphere.security.UserRegistry) ctx.lookup("UserRegistry");
String res = reg.checkPassword(userId, password);
try {
Context ctx = new InitialContext();
com.ibm.websphere.security.UserRegistry reg = (com.ibm.websphere.security.UserRegistry) ctx.lookup("UserRegistry");
String res = reg.checkPassword(userId, password);
return res != null;
} catch (Exception ex) {
return false;
}
}
return false;
}
}
2) Use "LoginContext"
/**
* This method validates the user based on the user id and password
* attributes, If the user id or password is not valid then throws Exception.
*
* @param userId
* @param password
* @return boolean
* @throws Exception
*/
public boolean checkUserAuthenticated(String userId, String password) throws Exception {
javax.security.auth.login.LoginContext loginContext = null;
Subject subject = null;
try {
loginContext = new javax.security.auth.login.LoginContext("WSLogin", new com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl(userId, password));
} catch (javax.security.auth.login.LoginException e) {
throw new Exception("Cannot create LoginContext", e);
}
try {
loginContext.login();
subject = loginContext.getSubject();
} catch (com.ibm.websphere.security.auth.WSLoginFailedException e) {
throw new Exception("Password is incorrect", e);
} catch (Exception e) {
throw new Exception("Unknown username", e);
}
if (subject == null)
throw new Exception("Password is incorrect");
return true;
}
* This method validates the user based on the user id and password
* attributes, If the user id or password is not valid then throws Exception.
*
* @param userId
* @param password
* @return boolean
* @throws Exception
*/
public boolean checkUserAuthenticated(String userId, String password) throws Exception {
javax.security.auth.login.LoginContext loginContext = null;
Subject subject = null;
try {
loginContext = new javax.security.auth.login.LoginContext("WSLogin", new com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl(userId, password));
} catch (javax.security.auth.login.LoginException e) {
throw new Exception("Cannot create LoginContext", e);
}
try {
loginContext.login();
subject = loginContext.getSubject();
} catch (com.ibm.websphere.security.auth.WSLoginFailedException e) {
throw new Exception("Password is incorrect", e);
} catch (Exception e) {
throw new Exception("Unknown username", e);
}
if (subject == null)
throw new Exception("Password is incorrect");
return true;
}
No comments:
Post a Comment