Spring Security Framework

org.springframework.security.userdetails.ldap
Class LdapUserDetailsManager

java.lang.Object
  extended by org.springframework.security.userdetails.ldap.LdapUserDetailsManager
All Implemented Interfaces:
UserDetailsManager, UserDetailsService

public class LdapUserDetailsManager
extends Object
implements UserDetailsManager

An Ldap implementation of UserDetailsManager.

It is designed around a standard setup where users and groups/roles are stored under separate contexts, defined by the "userDnBase" and "groupSearchBase" properties respectively.

In this case, LDAP is being used purely to retrieve information and this class can be used in place of any other UserDetailsService for authentication. Authentication isn't performed directly against the directory, unlike with the LDAP authentication provider setup.

Since:
2.0
Version:
$Id$
Author:
Luke Taylor

Constructor Summary
LdapUserDetailsManager(org.springframework.ldap.core.ContextSource contextSource)
           
 
Method Summary
protected  void addAuthorities(org.springframework.ldap.core.DistinguishedName userDn, GrantedAuthority[] authorities)
           
protected  org.springframework.ldap.core.DistinguishedName buildGroupDn(String group)
          Creates a DN from a group name.
 void changePassword(String oldPassword, String newPassword)
          Changes the password for the current user.
protected  void copyToContext(UserDetails user, org.springframework.ldap.core.DirContextAdapter ctx)
           
 void createUser(UserDetails user)
          Create a new user with the supplied details.
 void deleteUser(String username)
          Remove the user with the given login name from the system.
 UserDetails loadUserByUsername(String username)
          Locates the user based on the username.
protected  void removeAuthorities(org.springframework.ldap.core.DistinguishedName userDn, GrantedAuthority[] authorities)
           
 void setAttributesToRetrieve(String[] attributesToRetrieve)
           
 void setGroupMemberAttributeName(String groupMemberAttributeName)
          Sets the name of the multi-valued attribute which holds the DNs of users who are members of a group.
 void setGroupRoleAttributeName(String groupRoleAttributeName)
           
 void setGroupSearchBase(String groupSearchBase)
           
 void setPasswordAttributeName(String passwordAttributeName)
           
 void setRoleMapper(org.springframework.ldap.core.AttributesMapper roleMapper)
           
 void setUserDetailsMapper(UserDetailsContextMapper userDetailsMapper)
           
 void setUsernameMapper(LdapUsernameToDnMapper usernameMapper)
           
 void updateUser(UserDetails user)
          Update the specified user.
 boolean userExists(String username)
          Check if a user with the supplied login name exists in the system.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

LdapUserDetailsManager

public LdapUserDetailsManager(org.springframework.ldap.core.ContextSource contextSource)
Method Detail

loadUserByUsername

public UserDetails loadUserByUsername(String username)
                               throws UsernameNotFoundException,
                                      DataAccessException
Description copied from interface: UserDetailsService
Locates the user based on the username. In the actual implementation, the search may possibly be case insensitive, or case insensitive depending on how the implementaion instance is configured. In this case, the UserDetails object that comes back may have a username that is of a different case than what was actually requested..

Specified by:
loadUserByUsername in interface UserDetailsService
Parameters:
username - the username presented to the DaoAuthenticationProvider
Returns:
a fully populated user record (never null)
Throws:
UsernameNotFoundException - if the user could not be found or the user has no GrantedAuthority
DataAccessException - if user could not be found for a repository-specific reason

changePassword

public void changePassword(String oldPassword,
                           String newPassword)
Changes the password for the current user. The username is obtained from the security context.

If the old password is supplied, the update will be made by rebinding as the user, thus modifying the password using the user's permissions. If oldPassword is null, the update will be attempted using a standard read/write context supplied by the context source.

Specified by:
changePassword in interface UserDetailsManager
Parameters:
oldPassword - the old password
newPassword - the new value of the password.

createUser

public void createUser(UserDetails user)
Description copied from interface: UserDetailsManager
Create a new user with the supplied details.

Specified by:
createUser in interface UserDetailsManager

updateUser

public void updateUser(UserDetails user)
Description copied from interface: UserDetailsManager
Update the specified user.

Specified by:
updateUser in interface UserDetailsManager

deleteUser

public void deleteUser(String username)
Description copied from interface: UserDetailsManager
Remove the user with the given login name from the system.

Specified by:
deleteUser in interface UserDetailsManager

userExists

public boolean userExists(String username)
Description copied from interface: UserDetailsManager
Check if a user with the supplied login name exists in the system.

Specified by:
userExists in interface UserDetailsManager

buildGroupDn

protected org.springframework.ldap.core.DistinguishedName buildGroupDn(String group)
Creates a DN from a group name.

Parameters:
group - the name of the group
Returns:
the DN of the corresponding group, including the groupSearchBase

copyToContext

protected void copyToContext(UserDetails user,
                             org.springframework.ldap.core.DirContextAdapter ctx)

addAuthorities

protected void addAuthorities(org.springframework.ldap.core.DistinguishedName userDn,
                              GrantedAuthority[] authorities)

removeAuthorities

protected void removeAuthorities(org.springframework.ldap.core.DistinguishedName userDn,
                                 GrantedAuthority[] authorities)

setUsernameMapper

public void setUsernameMapper(LdapUsernameToDnMapper usernameMapper)

setPasswordAttributeName

public void setPasswordAttributeName(String passwordAttributeName)

setGroupSearchBase

public void setGroupSearchBase(String groupSearchBase)

setGroupRoleAttributeName

public void setGroupRoleAttributeName(String groupRoleAttributeName)

setAttributesToRetrieve

public void setAttributesToRetrieve(String[] attributesToRetrieve)

setUserDetailsMapper

public void setUserDetailsMapper(UserDetailsContextMapper userDetailsMapper)

setGroupMemberAttributeName

public void setGroupMemberAttributeName(String groupMemberAttributeName)
Sets the name of the multi-valued attribute which holds the DNs of users who are members of a group.

Usually this will be uniquemember (the default value) or member.

Parameters:
groupMemberAttributeName - the name of the attribute used to store group members.

setRoleMapper

public void setRoleMapper(org.springframework.ldap.core.AttributesMapper roleMapper)

Spring Security Framework

Copyright © 2004-2010 SpringSource, Inc. All Rights Reserved.