Class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<AuthenticationManager,B>
org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer<B>
- Type Parameters:
B
- theProviderManagerBuilder
type that this is configuring.
- All Implemented Interfaces:
SecurityConfigurer<AuthenticationManager,
B>
public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>>
extends SecurityConfigurerAdapter<AuthenticationManager,B>
Configures LDAP
AuthenticationProvider
in the ProviderManagerBuilder
.- Since:
- 3.2
-
Nested Class Summary
Modifier and TypeClassDescriptionfinal class
Allows building aBaseLdapPathContextSource
and optionally creating an embedded LDAP instance.final class
Sets up Password based comparison -
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionauthoritiesMapper
(GrantedAuthoritiesMapper grantedAuthoritiesMapper) Specifies theGrantedAuthoritiesMapper
.void
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.Allows easily configuring of aBaseLdapPathContextSource
with defaults pointing to an embedded LDAP server that is created.contextSource
(org.springframework.ldap.core.support.BaseLdapPathContextSource contextSource) Specifies theBaseLdapPathContextSource
to be used.protected GrantedAuthoritiesMapper
Gets theGrantedAuthoritiesMapper
and defaults toSimpleAuthorityMapper
.groupRoleAttribute
(String groupRoleAttribute) Specifies the attribute name which contains the role name.groupSearchBase
(String groupSearchBase) The search base for group membership searches.groupSearchFilter
(String groupSearchFilter) The LDAP filter to search for groups.groupSearchSubtree
(boolean groupSearchSubtree) If set to true, a subtree scope search will be performed for group membership.ldapAuthoritiesPopulator
(LdapAuthoritiesPopulator ldapAuthoritiesPopulator) Specifies theLdapAuthoritiesPopulator
.passwordEncoder
(PasswordEncoder passwordEncoder) Specifies thePasswordEncoder
to be used when authenticating with password comparison.rolePrefix
(String rolePrefix) A non-empty string prefix that will be added as a prefix to the existing roles.userDetailsContextMapper
(UserDetailsContextMapper userDetailsContextMapper) Allows explicit customization of the loaded user object by specifying a UserDetailsContextMapper bean which will be called with the context information from the user's directory entry.userDnPatterns
(String... userDnPatterns) If your users are at a fixed location in the directory (i.e.userSearchBase
(String userSearchBase) Search base for user searches.userSearchFilter
(String userSearchFilter) The LDAP filter used to search for users (optional).withObjectPostProcessor
(ObjectPostProcessor<?> objectPostProcessor) Adds anObjectPostProcessor
for this class.Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder
-
Constructor Details
-
LdapAuthenticationProviderConfigurer
public LdapAuthenticationProviderConfigurer()
-
-
Method Details
-
ldapAuthoritiesPopulator
public LdapAuthenticationProviderConfigurer<B> ldapAuthoritiesPopulator(LdapAuthoritiesPopulator ldapAuthoritiesPopulator) Specifies theLdapAuthoritiesPopulator
.- Parameters:
ldapAuthoritiesPopulator
- theLdapAuthoritiesPopulator
the default isDefaultLdapAuthoritiesPopulator
- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations
-
withObjectPostProcessor
public LdapAuthenticationProviderConfigurer<B> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) Adds anObjectPostProcessor
for this class.- Parameters:
objectPostProcessor
-- Returns:
- the
ChannelSecurityConfigurer
for further customizations
-
authoritiesMapper
public LdapAuthenticationProviderConfigurer<B> authoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) Specifies theGrantedAuthoritiesMapper
.- Parameters:
grantedAuthoritiesMapper
- theGrantedAuthoritiesMapper
the default isSimpleAuthorityMapper
- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations - Since:
- 4.1.1
-
getAuthoritiesMapper
Gets theGrantedAuthoritiesMapper
and defaults toSimpleAuthorityMapper
.- Returns:
- the
GrantedAuthoritiesMapper
- Throws:
Exception
- if errors inSimpleAuthorityMapper.afterPropertiesSet()
-
contextSource
public LdapAuthenticationProviderConfigurer<B> contextSource(org.springframework.ldap.core.support.BaseLdapPathContextSource contextSource) Specifies theBaseLdapPathContextSource
to be used. If not specified, an embedded LDAP server will be created usingcontextSource()
.- Parameters:
contextSource
- theBaseLdapPathContextSource
to use- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations - See Also:
-
contextSource
Allows easily configuring of aBaseLdapPathContextSource
with defaults pointing to an embedded LDAP server that is created.- Returns:
- the
LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>>.ContextSourceBuilder
for further customizations
-
passwordEncoder
Specifies thePasswordEncoder
to be used when authenticating with password comparison.- Parameters:
passwordEncoder
- thePasswordEncoder
to use- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customization
-
userDnPatterns
If your users are at a fixed location in the directory (i.e. you can work out the DN directly from the username without doing a directory search), you can use this attribute to map directly to the DN. It maps directly to the userDnPatterns property of AbstractLdapAuthenticator. The value is a specific pattern used to build the user's DN, for example "uid={0},ou=people". The key "{0}" must be present and will be substituted with the username.- Parameters:
userDnPatterns
- the LDAP patterns for finding the usernames- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations
-
userDetailsContextMapper
public LdapAuthenticationProviderConfigurer<B> userDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper) Allows explicit customization of the loaded user object by specifying a UserDetailsContextMapper bean which will be called with the context information from the user's directory entry.- Parameters:
userDetailsContextMapper
- theUserDetailsContextMapper
to use- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations - See Also:
-
groupRoleAttribute
Specifies the attribute name which contains the role name. Default is "cn".- Parameters:
groupRoleAttribute
- the attribute name that maps a group to a role.- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations
-
groupSearchBase
The search base for group membership searches. Defaults to "".- Parameters:
groupSearchBase
-- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations
-
groupSearchSubtree
If set to true, a subtree scope search will be performed for group membership. If false a single-level search is used.- Parameters:
groupSearchSubtree
- set to true to enable searching of the entire tree below the groupSearchBase.- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations
-
groupSearchFilter
The LDAP filter to search for groups. Defaults to "(uniqueMember={0})". The substituted parameter is the DN of the user.- Parameters:
groupSearchFilter
- the LDAP filter to search for groups- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations
-
rolePrefix
A non-empty string prefix that will be added as a prefix to the existing roles. The default is "ROLE_".- Parameters:
rolePrefix
- the prefix to be added to the roles that are loaded.- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations - See Also:
-
userSearchBase
Search base for user searches. Defaults to "". Only used withuserSearchFilter(String)
.- Parameters:
userSearchBase
- search base for user searches- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations
-
userSearchFilter
The LDAP filter used to search for users (optional). For example "(uid={0})". The substituted parameter is the user's login name.- Parameters:
userSearchFilter
- the LDAP filter used to search for users- Returns:
- the
LdapAuthenticationProviderConfigurer
for further customizations
-
configure
Description copied from interface:SecurityConfigurer
Configure theSecurityBuilder
by setting the necessary properties on theSecurityBuilder
.- Specified by:
configure
in interfaceSecurityConfigurer<AuthenticationManager,
B extends ProviderManagerBuilder<B>> - Overrides:
configure
in classSecurityConfigurerAdapter<AuthenticationManager,
B extends ProviderManagerBuilder<B>> - Throws:
Exception
-
passwordCompare
- Returns:
- the
LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>>.PasswordCompareConfigurer
for further customizations
-