Package org.springframework.security.ldap.userdetails

Class NestedLdapAuthoritiesPopulator

  • All Implemented Interfaces:
    LdapAuthoritiesPopulator
    public class NestedLdapAuthoritiesPopulator
extends DefaultLdapAuthoritiesPopulator
    A LDAP authority populator that can recursively search static nested groups.

    An example of nested groups can be 

      #Nested groups data

  dn: uid=javadude,ou=people,dc=springframework,dc=org
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  cn: Java Dude
  sn: Dude
  uid: javadude
  userPassword: javadudespassword

  dn: uid=groovydude,ou=people,dc=springframework,dc=org
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  cn: Groovy Dude
  sn: Dude
  uid: groovydude
  userPassword: groovydudespassword

  dn: uid=closuredude,ou=people,dc=springframework,dc=org
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  cn: Closure Dude
  sn: Dude
  uid: closuredude
  userPassword: closuredudespassword

  dn: uid=scaladude,ou=people,dc=springframework,dc=org
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  cn: Scala Dude
  sn: Dude
  uid: scaladude
  userPassword: scaladudespassword

  dn: cn=j-developers,ou=jdeveloper,dc=springframework,dc=org
  objectclass: top
  objectclass: groupOfNames
  cn: j-developers
  ou: jdeveloper
  member: cn=java-developers,ou=groups,dc=springframework,dc=org

  dn: cn=java-developers,ou=jdeveloper,dc=springframework,dc=org
  objectclass: top
  objectclass: groupOfNames
  cn: java-developers
  ou: jdeveloper
  member: cn=groovy-developers,ou=groups,dc=springframework,dc=org
  member: cn=scala-developers,ou=groups,dc=springframework,dc=org
  member: uid=javadude,ou=people,dc=springframework,dc=org

  dn: cn=groovy-developers,ou=jdeveloper,dc=springframework,dc=org
  objectclass: top
  objectclass: groupOfNames
  cn: java-developers
  ou: jdeveloper
  member: cn=closure-developers,ou=groups,dc=springframework,dc=org
  member: uid=groovydude,ou=people,dc=springframework,dc=org

  dn: cn=closure-developers,ou=jdeveloper,dc=springframework,dc=org
  objectclass: top
  objectclass: groupOfNames
  cn: java-developers
  ou: jdeveloper
  member: uid=closuredude,ou=people,dc=springframework,dc=org

  dn: cn=scala-developers,ou=jdeveloper,dc=springframework,dc=org
  objectclass: top
  objectclass: groupOfNames
  cn: java-developers
  ou: jdeveloper
  member: uid=scaladude,ou=people,dc=springframework,dc=org *

    • Constructor Detail

      • NestedLdapAuthoritiesPopulator

        public NestedLdapAuthoritiesPopulator​(org.springframework.ldap.core.ContextSource contextSource,
                                      java.lang.String groupSearchBase)
        Constructor for group search scenarios. userRoleAttributes may still be set as a property.
        Parameters:
        contextSource - supplies the contexts used to search for user roles.
        groupSearchBase - if this is an empty string the search will be performed from the root DN of the

    • Method Detail

      • setAttributeNames

        public void setAttributeNames​(java.util.Set<java.lang.String> attributeNames)
        Sets the attribute names to retrieve for each ldap groups. Null means retrieve all
        Parameters:
        attributeNames - - the names of the LDAP attributes to retrieve

      • setMaxSearchDepth

        public void setMaxSearchDepth​(int maxSearchDepth)
        How far should a nested search go. Depth is calculated in the number of levels we search up for parent groups.
        Parameters:
        maxSearchDepth - the max search depth