Jespa - Java Active Directory Integration
Time 2021-11-15 23:10:25Web Name: Jespa - Java Active Directory Integration
WebSite: http://www.ioplex.com
ID:234370
Keywords:
Java,Jespa,Active,Integration,Directory,Description:
keywords: description: Jespa - Java Active Directory IntegrationJespa is a Java software library that provides advanced integration between Microsoft Active Directory and Java applications. Jespa is a comprehensive language-level security solution. Rather than wrapping security around applications, this library provides highly intuitive "security provider" classes for performing a wide variety of security related functions including but not limited to authentication, creating accounts, setting passwords and checking group membership. The package includes several ready-to-use components such as the highly desired NTLMv2 HTTP enterprise Single Sign-On (SSO) authentication.Some things you can do with Jespa are:Authenticate HTTP clients using the NTLMv2 Single Sign-On (SSO) capability built into Internet Explorer and other browsers. This feature allows clients that are already logged into the domain to transparently authenticate using their existing credentials. Once a client is authenticated, the "security provider" may be retrieved to perform various security related operations in the context of the user.Use the advanced Jespa HTTP client (which of course supports proper NTLMv2 authentication) to securely access IWA or Jespa protected websites.Use the simple LDAP API to easily create, update and delete accounts, groups and other LDAP entries, set and change passwords, search, check group membership and validate credentials using the conventional "simple" LDAP bind technique. Using the Jespa LDAP API, these operations are trivial when compared to the equivalent JNDI code that would be required. The LDAP API works with both Active Directory and RFC based LDAP servers.Enable NTLMv2 authentication and transport encryption in existing JNDI LDAP code. This eliminates the need for SSL certificates and slow SSL communication.Chain multiple authentication mechanisms together to implement redundancy and failover capabilities. For example, a chain might be used to authenticate an HTTP client using NTLM, then LDAP and finally a custom security provider that uses SQL to query a local database of accounts.Jespa Overview
PDF; 2 Pages
Other noteworthy features of the Jespa library include:Transparent domain controller and DNS nameserver failoverEfficient implementation that minimizes network communication and memory usageDetailed documentationFast Windows group based access controlHTTP URL "handler" for enabling NTLM in existing Java applicationsEnable NTLM in SASL servers and clients with full transport encryptionUse the NTLM security provider directly to create custom NTLM solutionsUse the Jespa LDAP API with non-Active Directory LDAP servers such as OpenLDAPCost effective licensing with steep discounts for multiple installations in the same Active Directory forest or when shipped with your productSome of these features are described further below.The NTLM Security ProviderThe centerpiece of the Jespa library is its high quality implementation of the NTLM challenge responseauthentication protocol which can properly validate credentials with the NETLOGON service of ActiveDirectory domain controllers. The Jespa NTLM implementation matches the functionality of the WindowsNTLMSSP and supports all security policies exhibited by Windows clients and servers. Jespa fullyimplements NTLMv2 and uses it by default when acting as an initiator or acceptor. Jespa supports allLmCompatibilityLevel, NtlmMinServerSec and NtlmMinClientSec values used by Windows Server.NTLM HTTP Single Sign-On (SSO) AuthenticationMany web browsers support a type of Single Sign-On (SSO) authentication that uses NTLM. This is a highlydesirable feature because clients will not need to enter their password (unlike some "SSO" solutions wherethe user is redirected between secondary websites which usually still require entering credentials anyway). AJespa enabled website can automatically authenticate the client and acquire detailed information about theuser like their fully expanded group membership which it can then use to perform very fast Windows groupbased access control. Jespa includes a standard Java Servlet Filter for protecting sites with NTLM as well asan HttpSecurityService component for creating customized HTTP authentication solutions.Windows Group Based Access ControlThe Jespa NTLM security provider can check a user's group membership using standard windows groupnames like:
if (request.isUserInRole("BUSICORP\\ERP Admins")) { // code for ERP Admins group hereThese checks are extremely fast. The user's fully expanded list of group SIDs is acquired during NETLOGONauthentication. Once the group names within your code or configs have been translated into Windows SIDs,they are cached for subsequent access checks. This means that group based access checks almost neverrequire communication with the domain controller until the application is restarted.The Jespa LDAP APIJespa 1.1 now includes an excellent LDAP API that makes performing common LDAP operations "as simpleas possible, but not simpler". The developer can create user accounts, set passwords, add group members,perform advanced searches and much more with only a few lines of code. The Jespa LDAP API is mucheasier to use than the JNDI LDAP API but the two can still be used together (see the PagedResultsControlexample). The API documentation includes many code examples and the examples directory includes manyfully function example programs. Admins who use Linux or other non-Windows systems will greatly appreciatethe LdapSearch command line utility which can easily and securely search Active Directory and other LDAPservers using RFC2255 style LDAP URLs.Advanced Service Location and FailoverJespa uses DNS SRV lookups to locate AD services just like an Active Directory Sites Services clientshould. If Jespa cannot contact a domain controller, it will transparently try the next domain controller. IfJespa cannot contact a DNS server, it will transparently try another. Jespa supports a DNS "records file" forbypassing DNS SRV lookups entirely. These features mean that Jespa requires very little configuration and isrobust when a required service becomes suddenly unavailable.This page lists only a small subset of the features of Jespa. Please look at the Jespa Operator's Manualand API documentation for details. The API documentation contains many small example code fragments andthe examples directory includes many complete example programs. If you have any questions please contactsupport@ioplex.com or sales@ioplex.com.© 2021 IOPLEX Software |Contact Us |Policies
TAGS:Java Jespa Active Integration Directory
<<< Thank you for your visit >>>
Websites to related : lngda.com Is for Sale
keywords:
description:The premium domain name lngda.com is available for sale!
keywords:
description:
WinPcap Riverbed Technology Wireshark The
keywords:
description:VMware Cloud Expertise and Managed Multicloud built specifically for Mid-Sized IT Teams. Choose Performive's Cloud Platform.
keywords:
description:Discovering Parenthood is about what life has been like since we became parents, and all the adventures that have followed.
Disc
keywords:
description:
keywords:
description:
Skip to content
keywords:DCinema, technology,exhibition, digital cinema, 3D,lasers
description:Digital Cinema – also called dcinema and d-cinema, 10 years...nay, 14
keywords:
description:
Web Analysis for Wwwpitchup - wwwpitchup.com
keywords:
description:
keywords:
description:Since 1999 our ten member group has met monthly helping each other learn about wine; from the nuances of bouquet, and the tradit
Hot Websites