LdapUserDetailsManager

java.lang.Object
- org.springframework.security.ldap.userdetails.LdapUserDetailsManager

All Implemented Interfaces:

UserDetailsService, UserDetailsManager
```
public class LdapUserDetailsManager
extends java.lang.Object
implements UserDetailsManager
```
An Ldap implementation of UserDetailsManager.
It is designed around a standard setup where users and groups/roles are stored under separate contexts, defined by the "userDnBase" and "groupSearchBase" properties respectively.
In this case, LDAP is being used purely to retrieve information and this class can be used in place of any other UserDetailsService for authentication. Authentication isn't performed directly against the directory, unlike with the LDAP authentication provider setup.

Since:

2.0

Constructor Summary

Constructors
Constructor and Description

LdapUserDetailsManager(org.springframework.ldap.core.ContextSource contextSource)

Constructors
Constructor and Description
`LdapUserDetailsManager(org.springframework.ldap.core.ContextSource contextSource)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected void`	`addAuthorities(org.springframework.ldap.core.DistinguishedName userDn, java.util.Collection<? extends GrantedAuthority> authorities)`
`protected org.springframework.ldap.core.DistinguishedName`	`buildGroupDn(java.lang.String group)` Creates a DN from a group name.
`void`	`changePassword(java.lang.String oldPassword, java.lang.String newPassword)` Changes the password for the current user.
`protected void`	`copyToContext(UserDetails user, org.springframework.ldap.core.DirContextAdapter ctx)`
`void`	`createUser(UserDetails user)` Create a new user with the supplied details.
`void`	`deleteUser(java.lang.String username)` Remove the user with the given login name from the system.
`UserDetails`	`loadUserByUsername(java.lang.String username)` Locates the user based on the username.
`protected void`	`removeAuthorities(org.springframework.ldap.core.DistinguishedName userDn, java.util.Collection<? extends GrantedAuthority> authorities)`
`void`	`setAttributesToRetrieve(java.lang.String[] attributesToRetrieve)`
`void`	`setGroupMemberAttributeName(java.lang.String groupMemberAttributeName)` Sets the name of the multi-valued attribute which holds the DNs of users who are members of a group.
`void`	`setGroupRoleAttributeName(java.lang.String groupRoleAttributeName)`
`void`	`setGroupSearchBase(java.lang.String groupSearchBase)`
`void`	`setPasswordAttributeName(java.lang.String passwordAttributeName)`
`void`	`setRoleMapper(org.springframework.ldap.core.AttributesMapper roleMapper)`
`void`	`setUsePasswordModifyExtensionOperation(boolean usePasswordModifyExtensionOperation)` Sets the method by which a user's password gets modified.
`void`	`setUserDetailsMapper(UserDetailsContextMapper userDetailsMapper)`
`void`	`setUsernameMapper(LdapUsernameToDnMapper usernameMapper)`
`void`	`updateUser(UserDetails user)` Update the specified user.
`boolean`	`userExists(java.lang.String username)` Check if a user with the supplied login name exists in the system.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - LdapUserDetailsManager
```
public LdapUserDetailsManager(org.springframework.ldap.core.ContextSource contextSource)
```
- Method Detail
  - loadUserByUsername
```
public UserDetails loadUserByUsername(java.lang.String username)
```
    Description copied from interface: UserDetailsService
    
    Locates the user based on the username. In the actual implementation, the search may possibly be case sensitive, or case insensitive depending on how the implementation instance is configured. In this case, the UserDetails object that comes back may have a username that is of a different case than what was actually requested..
    
    Specified by:
    
    loadUserByUsername in interface UserDetailsService
    
    Parameters:
    
    username - the username identifying the user whose data is required.
    
    Returns:
    
    a fully populated user record (never null)
  - changePassword
```
public void changePassword(java.lang.String oldPassword,
                           java.lang.String newPassword)
```
    Changes the password for the current user. The username is obtained from the security context. There are two supported strategies for modifying the user's password depending on the capabilities of the corresponding LDAP server.
    Configured one way, this method will modify the user's password via the LDAP Password Modify Extended Operation . See setUsePasswordModifyExtensionOperation(boolean) for details.
    
    By default, though, if the old password is supplied, the update will be made by rebinding as the user, thus modifying the password using the user's permissions. If oldPassword is null, the update will be attempted using a standard read/write context supplied by the context source.
    
    Specified by:
    
    changePassword in interface UserDetailsManager
    
    Parameters:
    
    oldPassword - the old password
    
    newPassword - the new value of the password.
  - createUser
```
public void createUser(UserDetails user)
```
    Description copied from interface: UserDetailsManager
    
    Create a new user with the supplied details.
    
    Specified by:
    
    createUser in interface UserDetailsManager
  - updateUser
```
public void updateUser(UserDetails user)
```
    Description copied from interface: UserDetailsManager
    
    Update the specified user.
    
    Specified by:
    
    updateUser in interface UserDetailsManager
  - deleteUser
```
public void deleteUser(java.lang.String username)
```
    Description copied from interface: UserDetailsManager
    
    Remove the user with the given login name from the system.
    
    Specified by:
    
    deleteUser in interface UserDetailsManager
  - userExists
```
public boolean userExists(java.lang.String username)
```
    Description copied from interface: UserDetailsManager
    
    Check if a user with the supplied login name exists in the system.
    
    Specified by:
    
    userExists in interface UserDetailsManager
  - buildGroupDn
```
protected org.springframework.ldap.core.DistinguishedName buildGroupDn(java.lang.String group)
```
    Creates a DN from a group name.
    
    Parameters:
    
    group - the name of the group
    
    Returns:
    
    the DN of the corresponding group, including the groupSearchBase
  - copyToContext
```
protected void copyToContext(UserDetails user,
                             org.springframework.ldap.core.DirContextAdapter ctx)
```
  - addAuthorities
```
protected void addAuthorities(org.springframework.ldap.core.DistinguishedName userDn,
                              java.util.Collection<? extends GrantedAuthority> authorities)
```
  - removeAuthorities
```
protected void removeAuthorities(org.springframework.ldap.core.DistinguishedName userDn,
                                 java.util.Collection<? extends GrantedAuthority> authorities)
```
  - setUsernameMapper
```
public void setUsernameMapper(LdapUsernameToDnMapper usernameMapper)
```
  - setPasswordAttributeName
```
public void setPasswordAttributeName(java.lang.String passwordAttributeName)
```
  - setGroupSearchBase
```
public void setGroupSearchBase(java.lang.String groupSearchBase)
```
  - setGroupRoleAttributeName
```
public void setGroupRoleAttributeName(java.lang.String groupRoleAttributeName)
```
  - setAttributesToRetrieve
```
public void setAttributesToRetrieve(java.lang.String[] attributesToRetrieve)
```
  - setUserDetailsMapper
```
public void setUserDetailsMapper(UserDetailsContextMapper userDetailsMapper)
```
  - setGroupMemberAttributeName
```
public void setGroupMemberAttributeName(java.lang.String groupMemberAttributeName)
```
    Sets the name of the multi-valued attribute which holds the DNs of users who are members of a group.
    Usually this will be uniquemember (the default value) or member.
    
    Parameters:
    
    groupMemberAttributeName - the name of the attribute used to store group members.
  - setRoleMapper
```
public void setRoleMapper(org.springframework.ldap.core.AttributesMapper roleMapper)
```
  - setUsePasswordModifyExtensionOperation
```
public void setUsePasswordModifyExtensionOperation(boolean usePasswordModifyExtensionOperation)
```
    Sets the method by which a user's password gets modified. If set to true, then changePassword(java.lang.String, java.lang.String) will modify the user's password by way of the Password Modify Extension Operation. If set to false, then changePassword(java.lang.String, java.lang.String) will modify the user's password by directly modifying attributes on the corresponding entry. Before using this setting, ensure that the corresponding LDAP server supports this extended operation. By default, usePasswordModifyExtensionOperation is false.
    
    Parameters:
    
    usePasswordModifyExtensionOperation -
    
    Since:
    
    4.2.9

Class LdapUserDetailsManager

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

LdapUserDetailsManager

Method Detail

loadUserByUsername

changePassword

createUser

updateUser

deleteUser

userExists

buildGroupDn

copyToContext

addAuthorities

removeAuthorities

setUsernameMapper

setPasswordAttributeName

setGroupSearchBase

setGroupRoleAttributeName

setAttributesToRetrieve

setUserDetailsMapper

setGroupMemberAttributeName

setRoleMapper

setUsePasswordModifyExtensionOperation