Class LdapUserDetailsMapper
java.lang.Object
org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
- All Implemented Interfaces:
UserDetailsContextMapper
The context mapper used by the LDAP authentication provider to create an LDAP user
object.
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected GrantedAuthority
createAuthority
(Object role) Creates a GrantedAuthority from a role attribute.protected String
mapPassword
(Object passwordValue) Extension point to allow customized creation of the user's password from the attribute stored in the directory.mapUserFromContext
(org.springframework.ldap.core.DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) Creates a fully populated UserDetails object for use by the security framework.void
mapUserToContext
(UserDetails user, org.springframework.ldap.core.DirContextAdapter ctx) Reverse of the above operation.void
setConvertToUpperCase
(boolean convertToUpperCase) Determines whether role field values will be converted to upper case when loaded.void
setPasswordAttributeName
(String passwordAttributeName) The name of the attribute which contains the user's password.void
setRoleAttributes
(String[] roleAttributes) The names of any attributes in the user's entry which represent application roles.void
setRolePrefix
(String rolePrefix) The prefix that should be applied to the role names
-
Constructor Details
-
LdapUserDetailsMapper
public LdapUserDetailsMapper()
-
-
Method Details
-
mapUserFromContext
public UserDetails mapUserFromContext(org.springframework.ldap.core.DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) Description copied from interface:UserDetailsContextMapper
Creates a fully populated UserDetails object for use by the security framework.- Specified by:
mapUserFromContext
in interfaceUserDetailsContextMapper
- Parameters:
ctx
- the context object which contains the user information.username
- the user's supplied login name.authorities
- the authorities to add to theUserDetails
instance- Returns:
- the user object.
-
mapUserToContext
Description copied from interface:UserDetailsContextMapper
Reverse of the above operation. Populates a context object from the supplied user object. Called when saving a user, for example.- Specified by:
mapUserToContext
in interfaceUserDetailsContextMapper
-
mapPassword
Extension point to allow customized creation of the user's password from the attribute stored in the directory.- Parameters:
passwordValue
- the value of the password attribute- Returns:
- a String representation of the password.
-
createAuthority
Creates a GrantedAuthority from a role attribute. Override to customize authority object creation.The default implementation converts string attributes to roles, making use of the rolePrefix and convertToUpperCase properties. Non-String attributes are ignored.
- Parameters:
role
- the attribute returned from- Returns:
- the authority to be added to the list of authorities for the user, or null if this attribute should be ignored.
-
setConvertToUpperCase
public void setConvertToUpperCase(boolean convertToUpperCase) Determines whether role field values will be converted to upper case when loaded. The default is true.- Parameters:
convertToUpperCase
- true if the roles should be converted to upper case.
-
setPasswordAttributeName
The name of the attribute which contains the user's password. Defaults to "userPassword".- Parameters:
passwordAttributeName
- the name of the attribute
-
setRoleAttributes
The names of any attributes in the user's entry which represent application roles. These will be converted to GrantedAuthoritys and added to the list in the returned LdapUserDetails object. The attribute values must be Strings by default.- Parameters:
roleAttributes
- the names of the role attributes.
-
setRolePrefix
The prefix that should be applied to the role names- Parameters:
rolePrefix
- the prefix (defaults to "ROLE_").
-