org.springframework.security.ldap

Class DefaultSpringSecurityContextSource

java.lang.Object

org.springframework.ldap.core.support.AbstractContextSource

org.springframework.ldap.core.support.LdapContextSource

org.springframework.security.ldap.DefaultSpringSecurityContextSource

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean, org.springframework.ldap.core.ContextSource, org.springframework.ldap.core.support.BaseLdapPathContextSource, org.springframework.ldap.core.support.BaseLdapPathSource

Direct Known Subclasses:

PasswordPolicyAwareContextSource

public class DefaultSpringSecurityContextSource
extends org.springframework.ldap.core.support.LdapContextSource

ContextSource implementation which uses Spring LDAP's LdapContextSource as a base class. Used internally by the Spring Security LDAP namespace configuration.

From Spring Security 3.0, Spring LDAP 1.3 is used and the ContextSource interface provides support for binding with a username and password. As a result, Spring LDAP ContextSource implementations such as LdapContextSource may be used directly with Spring Security.

Spring LDAP 1.3 doesn't have JVM-level LDAP connection pooling enabled by default. This class sets the pooled property to true, but customizes the DirContextAuthenticationStrategy used to disable pooling when the DN doesn't match the userDn property. This prevents pooling for calls to AbstractContextSource.getContext(String, String) to authenticate as specific users.

Since:

2.0

Field Summary

Fields

Modifier and Type	Field and Description
protected org.apache.commons.logging.Log	logger

Fields inherited from class org.springframework.ldap.core.support.AbstractContextSource

password, SUN_LDAP_POOLING_FLAG, userDn

Constructor Summary

Constructors

Constructor and Description
DefaultSpringSecurityContextSource(java.util.List<java.lang.String> urls, java.lang.String baseDn) Create and initialize an instance which will connect of the LDAP Spring Security Context Source.
DefaultSpringSecurityContextSource(java.lang.String providerUrl) Create and initialize an instance which will connect to the supplied LDAP URL.

Method Summary

Methods inherited from class org.springframework.ldap.core.support.LdapContextSource

getDirContextInstance

Methods inherited from class org.springframework.ldap.core.support.AbstractContextSource

afterPropertiesSet, assembleProviderUrlString, createContext, getAnonymousEnv, getAuthenticatedEnv, getAuthenticationSource, getBaseLdapName, getBaseLdapPath, getBaseLdapPathAsString, getContext, getContextFactory, getDirObjectFactory, getPassword, getReadOnlyContext, getReadWriteContext, getUrls, getUserDn, isAnonymousReadOnly, isPooled, setAnonymousReadOnly, setAuthenticationSource, setAuthenticationStrategy, setBase, setBaseEnvironmentProperties, setCacheEnvironmentProperties, setContextFactory, setDirObjectFactory, setPassword, setPooled, setReferral, setupAuthenticatedEnvironment, setUrl, setUrls, setUserDn

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected final org.apache.commons.logging.Log logger

Constructor Detail

DefaultSpringSecurityContextSource

public DefaultSpringSecurityContextSource(java.lang.String providerUrl)

Create and initialize an instance which will connect to the supplied LDAP URL. If you want to use more than one server for fail-over, rather use the DefaultSpringSecurityContextSource(List, String) constructor.

Parameters:

providerUrl - an LDAP URL of the form ldap://localhost:389/base_dn

DefaultSpringSecurityContextSource

public DefaultSpringSecurityContextSource(java.util.List<java.lang.String> urls,
                                          java.lang.String baseDn)

Create and initialize an instance which will connect of the LDAP Spring Security Context Source. It will connect to any of the provided LDAP server URLs.

Parameters:

urls - A list of string values which are LDAP server URLs. An example would be ldap://ldap.company.com:389. LDAPS URLs (SSL-secured) may be used as well, given that Spring Security is able to connect to the server. Note that these URLs must not include the base DN!

baseDn - The common Base DN for all provided servers, e.g.

 dc=company,dc=com
 

.