Class LdapUserDetailsMapper

  • All Implemented Interfaces:
    UserDetailsContextMapper

    public class LdapUserDetailsMapper
    extends java.lang.Object
    implements UserDetailsContextMapper
    The context mapper used by the LDAP authentication provider to create an LDAP user object.
    • Method Summary

      Modifier and Type Method Description
      protected GrantedAuthority createAuthority(java.lang.Object role)
      Creates a GrantedAuthority from a role attribute.
      protected java.lang.String mapPassword(java.lang.Object passwordValue)
      Extension point to allow customized creation of the user's password from the attribute stored in the directory.
      UserDetails mapUserFromContext(org.springframework.ldap.core.DirContextOperations ctx, java.lang.String username, java.util.Collection<? extends GrantedAuthority> authorities)
      Creates a fully populated UserDetails object for use by the security framework.
      void mapUserToContext(UserDetails user, org.springframework.ldap.core.DirContextAdapter ctx)
      Reverse of the above operation.
      void setConvertToUpperCase(boolean convertToUpperCase)
      Determines whether role field values will be converted to upper case when loaded.
      void setPasswordAttributeName(java.lang.String passwordAttributeName)
      The name of the attribute which contains the user's password.
      void setRoleAttributes(java.lang.String[] roleAttributes)
      The names of any attributes in the user's entry which represent application roles.
      void setRolePrefix(java.lang.String rolePrefix)
      The prefix that should be applied to the role names.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • LdapUserDetailsMapper

        public LdapUserDetailsMapper()
    • Method Detail

      • mapUserFromContext

        public UserDetails mapUserFromContext(org.springframework.ldap.core.DirContextOperations ctx,
                                              java.lang.String username,
                                              java.util.Collection<? extends GrantedAuthority> authorities)
        Description copied from interface: UserDetailsContextMapper
        Creates a fully populated UserDetails object for use by the security framework.
        Specified by:
        mapUserFromContext in interface UserDetailsContextMapper
        Parameters:
        ctx - the context object which contains the user information.
        username - the user's supplied login name.
        Returns:
        the user object.
      • mapUserToContext

        public void mapUserToContext(UserDetails user,
                                     org.springframework.ldap.core.DirContextAdapter ctx)
        Description copied from interface: UserDetailsContextMapper
        Reverse of the above operation. Populates a context object from the supplied user object. Called when saving a user, for example.
        Specified by:
        mapUserToContext in interface UserDetailsContextMapper
      • mapPassword

        protected java.lang.String mapPassword(java.lang.Object passwordValue)
        Extension point to allow customized creation of the user's password from the attribute stored in the directory.
        Parameters:
        passwordValue - the value of the password attribute
        Returns:
        a String representation of the password.
      • createAuthority

        protected GrantedAuthority createAuthority(java.lang.Object role)
        Creates a GrantedAuthority from a role attribute. Override to customize authority object creation.

        The default implementation converts string attributes to roles, making use of the rolePrefix and convertToUpperCase properties. Non-String attributes are ignored.

        Parameters:
        role - the attribute returned from
        Returns:
        the authority to be added to the list of authorities for the user, or null if this attribute should be ignored.
      • setConvertToUpperCase

        public void setConvertToUpperCase(boolean convertToUpperCase)
        Determines whether role field values will be converted to upper case when loaded. The default is true.
        Parameters:
        convertToUpperCase - true if the roles should be converted to upper case.
      • setPasswordAttributeName

        public void setPasswordAttributeName(java.lang.String passwordAttributeName)
        The name of the attribute which contains the user's password. Defaults to "userPassword".
        Parameters:
        passwordAttributeName - the name of the attribute
      • setRoleAttributes

        public void setRoleAttributes(java.lang.String[] roleAttributes)
        The names of any attributes in the user's entry which represent application roles. These will be converted to GrantedAuthority objects and added to the list in the returned LdapUserDetails object. The attribute values must be Strings by default.
        Parameters:
        roleAttributes - the names of the role attributes.
      • setRolePrefix

        public void setRolePrefix(java.lang.String rolePrefix)
        The prefix that should be applied to the role names.
        Parameters:
        rolePrefix - the prefix (defaults to "ROLE_").
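
    An added example, not part of the Spring Security sources: because setRoleAttributes turns values from the user's own directory entry into authorities, a subclass can override createAuthority so that only allow-listed roles are granted. The class name AllowListedRoleMapper, the attribute name "employeeType" and the allow-list contents are assumptions made for illustration.

```java
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;

/**
 * Added example (hypothetical class, not Spring Security code): only role
 * values on an allow-list become authorities; every other value is dropped.
 */
public class AllowListedRoleMapper extends LdapUserDetailsMapper {

    // Allowed authorities, written as they look after the role prefix and
    // upper-casing have been applied, e.g. "ROLE_AUDITOR" (constructed value).
    private final Set<String> allowed;

    public AllowListedRoleMapper(Set<String> allowed) {
        this.allowed = Set.copyOf(allowed);
        // "employeeType" is an assumed attribute name; use the attribute in
        // which your directory actually stores application roles.
        setRoleAttributes(new String[] { "employeeType" });
        setRolePrefix("ROLE_");       // documented default, made explicit
        setConvertToUpperCase(true);  // documented default, made explicit
    }

    @Override
    protected GrantedAuthority createAuthority(Object role) {
        // Default behaviour: String values get the prefix and upper-casing,
        // non-String values are ignored.
        GrantedAuthority authority = super.createAuthority(role);
        if (authority == null || !allowed.contains(authority.getAuthority())) {
            // Returning null means this attribute value is ignored.
            return null;
        }
        return authority;
    }
}
```

    Pass an instance to the LDAP authentication provider as its UserDetailsContextMapper. Anyone able to write the chosen role attribute in the directory can otherwise influence the authorities a user receives, so the allow-list should contain only roles the application is prepared to grant from that attribute.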