Java Active Directory Authentication

I had to quickly add some AD authentication to one of our applications, and it was becoming cumbersome at best using the built-in Java LDAP libraries.  Most things had to have FQDNs, nested groups weren’t supported, the host name of a domain controller had to be known ahead of time, etc.

I stumbled upon a small Stack Overflow post mentioning Waffle (Windows Authentication Framework), which supports Java and .NET.  For Java it uses JNA to let Windows do all the hard work of resolving domain controllers, available domains, etc.

It was crazy simple to authenticate a user:

		import waffle.windows.auth.IWindowsAuthProvider;
		import waffle.windows.auth.IWindowsIdentity;
		import waffle.windows.auth.impl.WindowsAuthProviderImpl;
		import com.sun.jna.platform.win32.Win32Exception;

		// Let Windows (via Waffle/JNA) validate the credentials against the domain.
		public boolean authenticate(String username, String domain, String password) {
			IWindowsAuthProvider provider = new WindowsAuthProviderImpl();
			IWindowsIdentity identity;
			try {
				identity = provider.logonDomainUser(username, domain, password);
			} catch (Win32Exception ex) {
				log.info("user: " + username + " could not be authenticated");
				return false;
			}
			identity.dispose(); // release the logon token handle
			return true;
		}
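Authentication alone is rarely enough; the application usually also has to decide what the user may do. The example below is added here and is not the post's own code: it authenticates with Waffle as above, then authorizes on AD group membership (Windows resolves nested groups for you, which is the part that plain LDAP lookups made painful), refuses guest logons, never logs the password, and always releases the logon token. It assumes the code runs on a Windows host joined to the domain, and the domain `CORP`, the user `jdoe` and the group `CORP\AppUsers` are constructed placeholders.

```java
import waffle.windows.auth.IWindowsAccount;
import waffle.windows.auth.IWindowsAuthProvider;
import waffle.windows.auth.IWindowsIdentity;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;
import com.sun.jna.platform.win32.Win32Exception;

/**
 * Authenticates a domain user with Waffle and then authorizes by AD group
 * membership. Group names are compared against the fully-qualified
 * "DOMAIN\Group" form that Waffle returns from IWindowsAccount.getFqn().
 */
public final class AdAuthorizer {

    private final IWindowsAuthProvider provider = new WindowsAuthProviderImpl();

    /**
     * Returns true only if the credentials are valid AND the user is a member
     * (directly or through nesting, as resolved by Windows) of requiredGroup.
     */
    public boolean authenticateAndAuthorize(String username, String domain,
                                            String password, String requiredGroup) {
        IWindowsIdentity identity;
        try {
            identity = provider.logonDomainUser(username, domain, password);
        } catch (Win32Exception ex) {
            // Record the principal and the Win32 error; never the password.
            System.err.println("logon failed for " + domain + "\\" + username
                               + ": " + ex.getMessage());
            return false;
        }

        try {
            // A guest logon can succeed at the Win32 level; it must not grant access.
            if (identity.isGuest()) {
                return false;
            }
            for (IWindowsAccount group : identity.getGroups()) {
                if (requiredGroup.equalsIgnoreCase(group.getFqn())) {
                    return true;
                }
            }
            return false;
        } finally {
            // Release the logon token whether or not authorization passed.
            identity.dispose();
        }
    }

    public static void main(String[] args) {
        // Constructed placeholder names; the password is read from the console
        // rather than passed on the command line, where it would be visible.
        AdAuthorizer auth = new AdAuthorizer();
        char[] pw = System.console().readPassword("Password for CORP\\jdoe: ");
        boolean ok = auth.authenticateAndAuthorize("jdoe", "CORP", new String(pw), "CORP\\AppUsers");
        java.util.Arrays.fill(pw, '\0');
        System.out.println(ok ? "access granted" : "access denied");
    }
}
```

Comparing against the fully-qualified group name avoids matching a same-named group from another domain, and keeping the group walk inside `try`/`finally` means the token is released on every path, including an exception thrown while enumerating groups.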

Unfortunately Waffle isn’t in a Maven repository anywhere.  I created the following pom to host on our instance of Nexus:

<project>
	<modelVersion>4.0.0</modelVersion>
	<groupId>${organization}.thirdparty</groupId>
	<artifactId>waffle-jna</artifactId>
	<version>1.4</version>
	<dependencies>
		<dependency>
			<groupId>commons-logging</groupId>
			<artifactId>commons-logging</artifactId>
			<version>1.1.1</version>
		</dependency>
		<dependency>
			<groupId>com.google.guava</groupId>
			<artifactId>guava</artifactId>
			<version>11.0.2</version>
		</dependency>
		<dependency>
			<groupId>net.java.dev.jna</groupId>
			<artifactId>jna</artifactId>
			<version>3.3.0</version>
		</dependency>
		<dependency>
			<groupId>net.java.dev.jna</groupId>
			<artifactId>jna</artifactId>
			<version>3.3.0</version>
			<classifier>platform</classifier>
		</dependency>
	</dependencies>
</project>
Posted in Active Directory, Java
2 comments on “Java Active Directory Authentication”
  1. Sebastian Millies says:

    Thanks for that very useful hint! Just a small note to others who may want to use the pom file: The “dependencies” and “project” tags are not properly closed (missing slash “/”).

  2. Sebastian Millies says:

    Another note: Native JNDI is really terrible to work with as an LDAP interface. In my view, by far the best (simple to use, powerful, open source) LDAP library for Java is the Unbound ID LDAP SDK, see http://www.unboundid.com/products/ldap-sdk/ (I am not affiliated with UnboundID in any way).
