Class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>>
- java.lang.Object
-
- org.springframework.security.config.annotation.SecurityConfigurerAdapter<AuthenticationManager,B>
-
- org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer<B>
-
- Type Parameters:
B
- theProviderManagerBuilder
type that this is configuring.
- All Implemented Interfaces:
SecurityConfigurer<AuthenticationManager,B>
public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>> extends SecurityConfigurerAdapter<AuthenticationManager,B>
Configures LDAPAuthenticationProvider
in theProviderManagerBuilder
.- Since:
- 3.2
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description class
LdapAuthenticationProviderConfigurer.ContextSourceBuilder
Allows building aBaseLdapPathContextSource
and optionally creating an embedded LDAP instance.class
LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer
Sets up Password based comparison
-
Constructor Summary
Constructors Constructor Description LdapAuthenticationProviderConfigurer()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description LdapAuthenticationProviderConfigurer<B>
authoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper)
Specifies theGrantedAuthoritiesMapper
.void
configure(B builder)
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.LdapAuthenticationProviderConfigurer.ContextSourceBuilder
contextSource()
Allows easily configuring of aBaseLdapPathContextSource
with defaults pointing to an embedded LDAP server that is created.LdapAuthenticationProviderConfigurer<B>
contextSource(org.springframework.ldap.core.support.BaseLdapPathContextSource contextSource)
Specifies theBaseLdapPathContextSource
to be used.protected GrantedAuthoritiesMapper
getAuthoritiesMapper()
Gets theGrantedAuthoritiesMapper
and defaults toSimpleAuthorityMapper
.LdapAuthenticationProviderConfigurer<B>
groupRoleAttribute(java.lang.String groupRoleAttribute)
Specifies the attribute name which contains the role name.LdapAuthenticationProviderConfigurer<B>
groupSearchBase(java.lang.String groupSearchBase)
The search base for group membership searches.LdapAuthenticationProviderConfigurer<B>
groupSearchFilter(java.lang.String groupSearchFilter)
The LDAP filter to search for groups.LdapAuthenticationProviderConfigurer<B>
groupSearchSubtree(boolean groupSearchSubtree)
If set to true, a subtree scope search will be performed for group membership.LdapAuthenticationProviderConfigurer<B>
ldapAuthoritiesPopulator(LdapAuthoritiesPopulator ldapAuthoritiesPopulator)
Specifies theLdapAuthoritiesPopulator
.LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer
passwordCompare()
LdapAuthenticationProviderConfigurer<B>
passwordEncoder(PasswordEncoder passwordEncoder)
Specifies thePasswordEncoder
to be used when authenticating with password comparison.LdapAuthenticationProviderConfigurer<B>
rolePrefix(java.lang.String rolePrefix)
A non-empty string prefix that will be added as a prefix to the existing roles.LdapAuthenticationProviderConfigurer<B>
userDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper)
Allows explicit customization of the loaded user object by specifying a UserDetailsContextMapper bean which will be called with the context information from the user's directory entry.LdapAuthenticationProviderConfigurer<B>
userDnPatterns(java.lang.String... userDnPatterns)
If your users are at a fixed location in the directory (i.e.LdapAuthenticationProviderConfigurer<B>
userSearchBase(java.lang.String userSearchBase)
Search base for user searches.LdapAuthenticationProviderConfigurer<B>
userSearchFilter(java.lang.String userSearchFilter)
The LDAP filter used to search for users (optional).LdapAuthenticationProviderConfigurer<B>
withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
Adds anObjectPostProcessor
for this class.-
Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder
-
-
-
-
Method Detail
-
ldapAuthoritiesPopulator
public LdapAuthenticationProviderConfigurer<B> ldapAuthoritiesPopulator(LdapAuthoritiesPopulator ldapAuthoritiesPopulator)
Specifies theLdapAuthoritiesPopulator
.- Parameters:
ldapAuthoritiesPopulator
- theLdapAuthoritiesPopulator
the default isDefaultLdapAuthoritiesPopulator
- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations
-
withObjectPostProcessor
public LdapAuthenticationProviderConfigurer<B> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)
Adds anObjectPostProcessor
for this class.- Parameters:
objectPostProcessor
-- Returns:
- the
ChannelSecurityConfigurer
for further customizations
-
authoritiesMapper
public LdapAuthenticationProviderConfigurer<B> authoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper)
Specifies theGrantedAuthoritiesMapper
.- Parameters:
grantedAuthoritiesMapper
- theGrantedAuthoritiesMapper
the default isSimpleAuthorityMapper
- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations - Since:
- 4.1.1
-
getAuthoritiesMapper
protected GrantedAuthoritiesMapper getAuthoritiesMapper() throws java.lang.Exception
Gets theGrantedAuthoritiesMapper
and defaults toSimpleAuthorityMapper
.- Returns:
- the
GrantedAuthoritiesMapper
- Throws:
java.lang.Exception
- if errors inSimpleAuthorityMapper.afterPropertiesSet()
-
contextSource
public LdapAuthenticationProviderConfigurer<B> contextSource(org.springframework.ldap.core.support.BaseLdapPathContextSource contextSource)
Specifies theBaseLdapPathContextSource
to be used. If not specified, an embedded LDAP server will be created usingcontextSource()
.- Parameters:
contextSource
- theBaseLdapPathContextSource
to use- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations - See Also:
contextSource()
-
contextSource
public LdapAuthenticationProviderConfigurer.ContextSourceBuilder contextSource()
Allows easily configuring of aBaseLdapPathContextSource
with defaults pointing to an embedded LDAP server that is created.- Returns:
- the
LdapAuthenticationProviderConfigurer.ContextSourceBuilder
for further customizations
-
passwordEncoder
public LdapAuthenticationProviderConfigurer<B> passwordEncoder(PasswordEncoder passwordEncoder)
Specifies thePasswordEncoder
to be used when authenticating with password comparison.- Parameters:
passwordEncoder
- thePasswordEncoder
to use- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customization
-
userDnPatterns
public LdapAuthenticationProviderConfigurer<B> userDnPatterns(java.lang.String... userDnPatterns)
If your users are at a fixed location in the directory (i.e. you can work out the DN directly from the username without doing a directory search), you can use this attribute to map directly to the DN. It maps directly to the userDnPatterns property of AbstractLdapAuthenticator. The value is a specific pattern used to build the user's DN, for example "uid={0},ou=people". The key "{0}" must be present and will be substituted with the username.- Parameters:
userDnPatterns
- the LDAP patterns for finding the usernames- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations
-
userDetailsContextMapper
public LdapAuthenticationProviderConfigurer<B> userDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper)
Allows explicit customization of the loaded user object by specifying a UserDetailsContextMapper bean which will be called with the context information from the user's directory entry.- Parameters:
userDetailsContextMapper
- theUserDetailsContextMapper
to use- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations - See Also:
PersonContextMapper
,InetOrgPersonContextMapper
,LdapUserDetailsMapper
-
groupRoleAttribute
public LdapAuthenticationProviderConfigurer<B> groupRoleAttribute(java.lang.String groupRoleAttribute)
Specifies the attribute name which contains the role name. Default is "cn".- Parameters:
groupRoleAttribute
- the attribute name that maps a group to a role.- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations
-
groupSearchBase
public LdapAuthenticationProviderConfigurer<B> groupSearchBase(java.lang.String groupSearchBase)
The search base for group membership searches. Defaults to "".- Parameters:
groupSearchBase
-- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations
-
groupSearchSubtree
public LdapAuthenticationProviderConfigurer<B> groupSearchSubtree(boolean groupSearchSubtree)
If set to true, a subtree scope search will be performed for group membership. If false a single-level search is used.- Parameters:
groupSearchSubtree
- set to true to enable searching of the entire tree below the groupSearchBase.- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations
-
groupSearchFilter
public LdapAuthenticationProviderConfigurer<B> groupSearchFilter(java.lang.String groupSearchFilter)
The LDAP filter to search for groups. Defaults to "(uniqueMember={0})". The substituted parameter is the DN of the user.- Parameters:
groupSearchFilter
- the LDAP filter to search for groups- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations
-
rolePrefix
public LdapAuthenticationProviderConfigurer<B> rolePrefix(java.lang.String rolePrefix)
A non-empty string prefix that will be added as a prefix to the existing roles. The default is "ROLE_".- Parameters:
rolePrefix
- the prefix to be added to the roles that are loaded.- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations - See Also:
SimpleAuthorityMapper.setPrefix(String)
-
userSearchBase
public LdapAuthenticationProviderConfigurer<B> userSearchBase(java.lang.String userSearchBase)
Search base for user searches. Defaults to "". Only used withuserSearchFilter(String)
.- Parameters:
userSearchBase
- search base for user searches- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations
-
userSearchFilter
public LdapAuthenticationProviderConfigurer<B> userSearchFilter(java.lang.String userSearchFilter)
The LDAP filter used to search for users (optional). For example "(uid={0})". The substituted parameter is the user's login name.- Parameters:
userSearchFilter
- the LDAP filter used to search for users- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations
-
configure
public void configure(B builder) throws java.lang.Exception
Description copied from interface:SecurityConfigurer
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.- Specified by:
configure
in interfaceSecurityConfigurer<AuthenticationManager,B extends ProviderManagerBuilder<B>>
- Overrides:
configure
in classSecurityConfigurerAdapter<AuthenticationManager,B extends ProviderManagerBuilder<B>>
- Throws:
java.lang.Exception
-
passwordCompare
public LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer passwordCompare()
- Returns:
- the
LdapAuthenticationProviderConfigurer.PasswordCompareConfigurer
for further customizations
-
-