public class LdapUserDetailsManager extends java.lang.Object implements UserDetailsManager
It is designed around a standard setup where users and groups/roles are stored under separate contexts, defined by the "userDnBase" and "groupSearchBase" properties respectively.
In this case, LDAP is being used purely to retrieve information and this class can be used in place of any other UserDetailsService for authentication. Authentication isn't performed directly against the directory, unlike with the LDAP authentication provider setup.
| Constructor and Description |
|---|
| `LdapUserDetailsManager(org.springframework.ldap.core.ContextSource contextSource)` |

| Modifier and Type | Method and Description |
|---|---|
| protected void | `addAuthorities(org.springframework.ldap.core.DistinguishedName userDn, java.util.Collection<? extends GrantedAuthority> authorities)` |
| protected org.springframework.ldap.core.DistinguishedName | `buildGroupDn(java.lang.String group)` Creates a DN from a group name. |
| void | `changePassword(java.lang.String oldPassword, java.lang.String newPassword)` Changes the password for the current user. |
| protected void | `copyToContext(UserDetails user, org.springframework.ldap.core.DirContextAdapter ctx)` |
| void | `createUser(UserDetails user)` Create a new user with the supplied details. |
| void | `deleteUser(java.lang.String username)` Remove the user with the given login name from the system. |
| UserDetails | `loadUserByUsername(java.lang.String username)` Locates the user based on the username. |
| protected void | `removeAuthorities(org.springframework.ldap.core.DistinguishedName userDn, java.util.Collection<? extends GrantedAuthority> authorities)` |
| void | `setAttributesToRetrieve(java.lang.String[] attributesToRetrieve)` |
| void | `setGroupMemberAttributeName(java.lang.String groupMemberAttributeName)` Sets the name of the multi-valued attribute which holds the DNs of users who are members of a group. |
| void | `setGroupRoleAttributeName(java.lang.String groupRoleAttributeName)` |
| void | `setGroupSearchBase(java.lang.String groupSearchBase)` |
| void | `setPasswordAttributeName(java.lang.String passwordAttributeName)` |
| void | `setRoleMapper(org.springframework.ldap.core.AttributesMapper roleMapper)` |
| void | `setUsePasswordModifyExtensionOperation(boolean usePasswordModifyExtensionOperation)` Sets the method by which a user's password gets modified. |
| void | `setUserDetailsMapper(UserDetailsContextMapper userDetailsMapper)` |
| void | `setUsernameMapper(LdapUsernameToDnMapper usernameMapper)` |
| void | `updateUser(UserDetails user)` Update the specified user. |
| boolean | `userExists(java.lang.String username)` Check if a user with the supplied login name exists in the system. |

public LdapUserDetailsManager(org.springframework.ldap.core.ContextSource contextSource)
public UserDetails loadUserByUsername(java.lang.String username)
The UserDetails object that comes back may have a username that is of a different case than what was actually requested.

Specified by: loadUserByUsername in interface UserDetailsService

Parameters:
username - the username identifying the user whose data is required.

null)

public void changePassword(java.lang.String oldPassword,
                           java.lang.String newPassword)
 Configured one way, this method will modify the user's password via the LDAP Password Modify Extended Operation. See setUsePasswordModifyExtensionOperation(boolean) for details.
 
 By default, though, if the old password is supplied, the update will be made by
 rebinding as the user, thus modifying the password using the user's permissions. If
 oldPassword is null, the update will be attempted using a standard
 read/write context supplied by the context source.
 
Specified by: changePassword in interface UserDetailsManager

Parameters:
oldPassword - the old password
newPassword - the new value of the password.

public void createUser(UserDetails user)

Specified by: createUser in interface UserDetailsManager

public void updateUser(UserDetails user)

Specified by: updateUser in interface UserDetailsManager

public void deleteUser(java.lang.String username)

Specified by: deleteUser in interface UserDetailsManager

public boolean userExists(java.lang.String username)

Specified by: userExists in interface UserDetailsManager

protected org.springframework.ldap.core.DistinguishedName buildGroupDn(java.lang.String group)

Parameters:
group - the name of the group

protected void copyToContext(UserDetails user, org.springframework.ldap.core.DirContextAdapter ctx)
protected void addAuthorities(org.springframework.ldap.core.DistinguishedName userDn,
                              java.util.Collection<? extends GrantedAuthority> authorities)
protected void removeAuthorities(org.springframework.ldap.core.DistinguishedName userDn,
                                 java.util.Collection<? extends GrantedAuthority> authorities)
public void setUsernameMapper(LdapUsernameToDnMapper usernameMapper)
public void setPasswordAttributeName(java.lang.String passwordAttributeName)
public void setGroupSearchBase(java.lang.String groupSearchBase)
public void setGroupRoleAttributeName(java.lang.String groupRoleAttributeName)
public void setAttributesToRetrieve(java.lang.String[] attributesToRetrieve)
public void setUserDetailsMapper(UserDetailsContextMapper userDetailsMapper)
public void setGroupMemberAttributeName(java.lang.String groupMemberAttributeName)
Usually this will be uniquemember (the default value) or member.

Parameters:
groupMemberAttributeName - the name of the attribute used to store group members.

public void setRoleMapper(org.springframework.ldap.core.AttributesMapper roleMapper)
public void setUsePasswordModifyExtensionOperation(boolean usePasswordModifyExtensionOperation)
If set to true, then changePassword(java.lang.String, java.lang.String) will modify the user's password by way of the Password Modify Extension Operation.

If set to false, then changePassword(java.lang.String, java.lang.String) will modify the user's password by directly modifying attributes on the corresponding entry.

Before using this setting, ensure that the corresponding LDAP server supports this extended operation.

By default, usePasswordModifyExtensionOperation is false.

Parameters:
usePasswordModifyExtensionOperation -
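
The following is an added example, not code from the Spring Security documentation: it wires the constructor and setters listed above into a Spring configuration and wraps changePassword so that the old password is always supplied. The server URL, DNs, the LDAP_BIND_PASSWORD environment variable and the changeOwnPassword helper are assumptions made for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.userdetails.LdapUserDetailsManager;

// Added example; the URL, DNs and environment variable name are placeholders.
@Configuration
public class LdapManagerConfig {

    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        // ldaps:// keeps bind credentials and new passwords off the wire in clear text.
        DefaultSpringSecurityContextSource source = new DefaultSpringSecurityContextSource(
                "ldaps://ldap.example.org:636/dc=example,dc=org");
        // Service account behind the context source's read/write context.
        source.setUserDn("cn=svc-app,ou=services,dc=example,dc=org");
        source.setPassword(System.getenv("LDAP_BIND_PASSWORD"));
        return source;
    }

    @Bean
    public LdapUserDetailsManager userDetailsManager(DefaultSpringSecurityContextSource contextSource) {
        LdapUserDetailsManager manager = new LdapUserDetailsManager(contextSource);
        // Users live under ou=people and are named by uid.
        manager.setUsernameMapper(new DefaultLdapUsernameToDnMapper("ou=people", "uid"));
        // Groups live under a separate context and list members in "member".
        manager.setGroupSearchBase("ou=groups");
        manager.setGroupMemberAttributeName("member");
        // Enable only after confirming the server supports the extended operation.
        manager.setUsePasswordModifyExtensionOperation(true);
        return manager;
    }

    // Hypothetical helper: changePassword acts on the current user, so call it
    // while handling a request for an authenticated user.
    public static void changeOwnPassword(LdapUserDetailsManager manager,
                                         String oldPassword, String newPassword) {
        // In the default mode a null oldPassword is applied through the context
        // source's read/write context (the service account above), so require it.
        if (oldPassword == null || oldPassword.isEmpty()) {
            throw new IllegalArgumentException("current password is required");
        }
        manager.changePassword(oldPassword, newPassword);
    }
}
```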