Class NestedLdapAuthoritiesPopulator
- java.lang.Object
-
- org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
-
- org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator
-
- All Implemented Interfaces:
LdapAuthoritiesPopulator
public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator
A LDAP authority populator that can recursively search static nested groups.An example of nested groups can be
#Nested groups data dn: uid=javadude,ou=people,dc=springframework,dc=org objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson cn: Java Dude sn: Dude uid: javadude userPassword: javadudespassword dn: uid=groovydude,ou=people,dc=springframework,dc=org objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson cn: Groovy Dude sn: Dude uid: groovydude userPassword: groovydudespassword dn: uid=closuredude,ou=people,dc=springframework,dc=org objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson cn: Closure Dude sn: Dude uid: closuredude userPassword: closuredudespassword dn: uid=scaladude,ou=people,dc=springframework,dc=org objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson cn: Scala Dude sn: Dude uid: scaladude userPassword: scaladudespassword dn: cn=j-developers,ou=jdeveloper,dc=springframework,dc=org objectclass: top objectclass: groupOfNames cn: j-developers ou: jdeveloper member: cn=java-developers,ou=groups,dc=springframework,dc=org dn: cn=java-developers,ou=jdeveloper,dc=springframework,dc=org objectclass: top objectclass: groupOfNames cn: java-developers ou: jdeveloper member: cn=groovy-developers,ou=groups,dc=springframework,dc=org member: cn=scala-developers,ou=groups,dc=springframework,dc=org member: uid=javadude,ou=people,dc=springframework,dc=org dn: cn=groovy-developers,ou=jdeveloper,dc=springframework,dc=org objectclass: top objectclass: groupOfNames cn: java-developers ou: jdeveloper member: cn=closure-developers,ou=groups,dc=springframework,dc=org member: uid=groovydude,ou=people,dc=springframework,dc=org dn: cn=closure-developers,ou=jdeveloper,dc=springframework,dc=org objectclass: top objectclass: groupOfNames cn: java-developers ou: jdeveloper member: uid=closuredude,ou=people,dc=springframework,dc=org dn: cn=scala-developers,ou=jdeveloper,dc=springframework,dc=org objectclass: top objectclass: groupOfNames cn: java-developers ou: jdeveloper member: uid=scaladude,ou=people,dc=springframework,dc=org *
-
-
Constructor Summary
Constructors Constructor Description NestedLdapAuthoritiesPopulator(org.springframework.ldap.core.ContextSource contextSource, java.lang.String groupSearchBase)
Constructor for group search scenarios.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.util.Set<GrantedAuthority>
getGroupMembershipRoles(java.lang.String userDn, java.lang.String username)
void
setAttributeNames(java.util.Set<java.lang.String> attributeNames)
Sets the attribute names to retrieve for each ldap groups.void
setMaxSearchDepth(int maxSearchDepth)
How far should a nested search go.-
Methods inherited from class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
getAdditionalRoles, getContextSource, getGrantedAuthorities, getGroupRoleAttribute, getGroupSearchBase, getGroupSearchFilter, getLdapTemplate, getRolePrefix, isConvertToUpperCase, setAuthorityMapper, setConvertToUpperCase, setDefaultRole, setGroupRoleAttribute, setGroupSearchFilter, setIgnorePartialResultException, setRolePrefix, setSearchSubtree
-
-
-
-
Constructor Detail
-
NestedLdapAuthoritiesPopulator
public NestedLdapAuthoritiesPopulator(org.springframework.ldap.core.ContextSource contextSource, java.lang.String groupSearchBase)
Constructor for group search scenarios. userRoleAttributes may still be set as a property.- Parameters:
contextSource
- supplies the contexts used to search for user roles.groupSearchBase
- if this is an empty string the search will be performed from the root DN of the
-
-
Method Detail
-
getGroupMembershipRoles
public java.util.Set<GrantedAuthority> getGroupMembershipRoles(java.lang.String userDn, java.lang.String username)
- Overrides:
getGroupMembershipRoles
in classDefaultLdapAuthoritiesPopulator
-
setAttributeNames
public void setAttributeNames(java.util.Set<java.lang.String> attributeNames)
Sets the attribute names to retrieve for each ldap groups. Null means retrieve all- Parameters:
attributeNames
- - the names of the LDAP attributes to retrieve
-
setMaxSearchDepth
public void setMaxSearchDepth(int maxSearchDepth)
How far should a nested search go. Depth is calculated in the number of levels we search up for parent groups.- Parameters:
maxSearchDepth
- the max search depth
-
-