Spring-LDAP (http://www.springframework.org/ldap)
is a library for simpler LDAP programming in Java, built on the same
principles as the JdbcTemplate
in Spring JDBC. It completely eliminates the need to worry about creating
and closing LdapContext and looping through
NamingEnumeration. It also provides a more
comprehensive unchecked Exception hierarchy, built on Spring's
DataAccessException. As a bonus, it also contains
classes for dynamically building LDAP filters and DNs (Distinguished
Names), LDAP attribute management, and client-side LDAP transaction management.
Consider, for example, a method that should search some storage for all persons and return their names in a list. Using JDBC, we would create a connection and execute a query using a statement. We would then loop over the result set and retrieve the column we want, adding it to a list. In contrast, using Java LDAP, we would create a context and perform a search using a search filter. We would then loop over the resulting naming enumeration and retrieve the attribute we want, adding it to a list.
The traditional way of implementing this person name search method in Java LDAP looks like this, where the code marked as bold actually performs tasks related to the business purpose of the method:
package com.example.dao;
public class TraditionalPersonDaoImpl implements PersonDao {
public List getAllPersonNames() {
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost:389/dc=example,dc=com");
DirContext ctx;
try {
ctx = new InitialDirContext(env);
} catch (NamingException e) {
throw new RuntimeException(e);
}
LinkedList list = new LinkedList();
NamingEnumeration results = null;
try {
SearchControls controls = new SearchControls();
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
results = ctx.search("", "(objectclass=person)", controls);
while (results.hasMore()) {
SearchResult searchResult = (SearchResult) results.next();
Attributes attributes = searchResult.getAttributes();
Attribute attr = attributes.get("cn");
String cn = (String) attr.get();
list.add(cn);
}
} catch (NameNotFoundException e) {
// The base context was not found.
// Just clean up and exit.
} catch (NamingException e) {
throw new RuntimeException(e);
} finally {
if (results != null) {
try {
results.close();
} catch (Exception e) {
// Never mind this.
}
}
if (ctx != null) {
try {
ctx.close();
} catch (Exception e) {
// Never mind this.
}
}
}
return list;
}
}By using the Spring LDAP classes AttributesMapper
and LdapTemplate, we get the exact same functionality
with the following code:
package com.example.dao;
public class PersonDaoImpl implements PersonDao {
private LdapTemplate ldapTemplate;
public void setLdapTemplate(LdapTemplate ldapTemplate) {
this.ldapTemplate = ldapTemplate;
}
public List getAllPersonNames() {
return ldapTemplate.search(
"", "(objectclass=person)",
new AttributesMapper() {
public Object mapFromAttributes(Attributes attrs)
throws NamingException {
return attrs.get("cn").get();
}
});
}
}The amount of boiler-plate code is significantly less than in the
traditional example. The LdapTemplate version of the
search method performs the search, maps the attributes to a string using
the given AttributesMapper, collects the strings in an
internal list, and finally returns the list.
Note that the PersonDaoImpl code simply assumes
that it has an LdapTemplate instance, rather than
looking one up somewhere. It provides a set method for this purpose. There
is nothing Spring-specific about this "Inversion of Control". Anyone that
can create an instance of PersonDaoImpl can also set
the LdapTemplate on it. However, Spring provides a very
flexible and easy way of achieving
this. The Spring container can be told to wire up an instance of
LdapTemplate with its required dependencies and inject
it into the PersonDao instance. This wiring can be
defined in various ways, but the most common is through XML:
<beans>
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
<property name="url" value="ldap://localhost:389" />
<property name="base" value="dc=example,dc=com" />
<property name="userDn" value="cn=Manager" />
<property name="password" value="secret" />
</bean>
<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
<constructor-arg ref="contextSource" />
</bean>
<bean id="personDao" class="com.example.dao.PersonDaoImpl">
<property name="ldapTemplate" ref="ldapTemplate" />
</bean>
</beans>At a minimum, to use Spring LDAP you need:
spring-ldap (the Spring LDAP library)
spring-core (miscellaneous utility classes used internally by the framework)
spring-beans (contains interfaces and classes for manipulating Java beans)
commons-logging (a simple logging facade, used internally)
commons-lang (misc utilities, used internally)
In addition to the required dependencies the following optional dependencies are required for certain functionality:
acegi-security (For Acegi security integration using AcegiAuthenticationSource)
spring-context (If your application is wired up using the Spring Application Context - adds the ability for application objects to obtain resources using a consistent API. Definitely needed if you are planning on using the BaseLdapPathBeanPostProcessor.)
spring-dao (If you are planning to use the client side compensating transaction support)
spring-jdbc (If you are planning to use the client side compensating transaction support)
ldapbp (Sun LDAP Booster Pack - if you will use the LDAP v3 Server controls integration)
commons-pool (If you are planning to use the pooling functionality)
This section provides an overview of the logical package structure
of the Spring LDAP codebase. The dependencies for each package are clearly
noted. A package dependency noted as (optional) means
that the dependency is needed to compile the package but is optionally
needed at runtime (depending on your use of the package). For example, use
of Spring LDAP together with Acegi Security entails use of the
org.acegisecurity package.
The transaction.compensating package contains the generic compensating transaction support. This is not LDAP-specific or JNDI-specific in any way.
Dependencies: commons-logging
The ldap package contains the exceptions of the library. These exceptions form an unchecked hierarchy that mirrors the NamingException hierarchy.
Dependencies: spring-core
The ldap.core package contains the central abstractions of the library. These abstractions include AuthenticationSource, ContextSource, DirContextProcessor, and NameClassPairCallbackHandler. This package also contains the central class LdapTemplate, plus various mappers and executors.
Dependencies: ldap, ldap.support, spring-beans, commons-lang, commons-logging
The ldap.core.support package contains supporting implementations of some of the core interfaces.
Dependencies: ldap.core, ldap.support, spring-core, spring-beans, spring-context (optional), commons-lang, commons-logging
The ldap.support package contains supporting utilities, like the exception translation mechanism.
Dependencies: ldap, spring-core, commons-logging
The ldap.authentication package contains an implementation of the AuthenticationSource interface that can be used with Acegi Security, as well as related helper classes.
Dependencies: ldap.core, acegi-security (optional), spring-beans, commons-lang, commons-logging
The ldap.control package contains an abstract implementation of the DirContextProcessor interface that can be used as a basis for processing RequestControls and ResponseControls. There is also a concrete implementation that handles paged search results. The LDAP Booster Pack is used to get support for controls.
Dependencies: ldap, ldap.core, LDAP booster pack (optional), spring-core, commons-lang, commons-logging
The ldap.filter package contains the Filter abstraction and several implementations of it.
Dependencies: ldap.core, commons-lang
The ldap.transaction.compensating package contains the core LDAP-specific implementation of compensating transactions.
Dependencies: ldap, ldap.core, transaction.compensating, spring-core, commons-lang, commons-logging
The ldap.transaction.compensating.manager package contains the core implementation classes for client-side compensating transactions.
Dependencies: ldap, ldap.core, ldap.transaction.compensating, ldap.transaction.compensating.support, transaction.compensating, spring-dao (optional), spring-jdbc (optional), commons-logging
The ldap.transaction.compensating.support package contains useful helper classes for client-side compensating transactions.
Dependencies: ldap.core, ldap.transaction.compensating
For the exact list of jar dependencies, see the Spring LDAP Ivy dependency manager descriptor
located within the Spring LDAP distribution at
spring-ldap/ivy.xml
Spring LDAP 1.2.1 is supported on Spring 1.2.8 or later, including 2.0.x.
The community support forum is located at http://forum.springframework.org, and the project web page is http://www.springframework.org/ldap.
