Class NestedLdapAuthoritiesPopulator

java.lang.Object
org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator
All Implemented Interfaces:
LdapAuthoritiesPopulator

public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator
An LDAP authority populator that can recursively search static nested groups.

An example of nested group data:

  #Nested groups data

  dn: uid=javadude,ou=people,dc=springframework,dc=org
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  cn: Java Dude
  sn: Dude
  uid: javadude
  userPassword: javadudespassword

  dn: uid=groovydude,ou=people,dc=springframework,dc=org
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  cn: Groovy Dude
  sn: Dude
  uid: groovydude
  userPassword: groovydudespassword

  dn: uid=closuredude,ou=people,dc=springframework,dc=org
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  cn: Closure Dude
  sn: Dude
  uid: closuredude
  userPassword: closuredudespassword

  dn: uid=scaladude,ou=people,dc=springframework,dc=org
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  cn: Scala Dude
  sn: Dude
  uid: scaladude
  userPassword: scaladudespassword

  dn: cn=j-developers,ou=jdeveloper,dc=springframework,dc=org
  objectclass: top
  objectclass: groupOfNames
  cn: j-developers
  ou: jdeveloper
  member: cn=java-developers,ou=groups,dc=springframework,dc=org

  dn: cn=java-developers,ou=jdeveloper,dc=springframework,dc=org
  objectclass: top
  objectclass: groupOfNames
  cn: java-developers
  ou: jdeveloper
  member: cn=groovy-developers,ou=groups,dc=springframework,dc=org
  member: cn=scala-developers,ou=groups,dc=springframework,dc=org
  member: uid=javadude,ou=people,dc=springframework,dc=org

  dn: cn=groovy-developers,ou=jdeveloper,dc=springframework,dc=org
  objectclass: top
  objectclass: groupOfNames
  cn: java-developers
  ou: jdeveloper
  member: cn=closure-developers,ou=groups,dc=springframework,dc=org
  member: uid=groovydude,ou=people,dc=springframework,dc=org

  dn: cn=closure-developers,ou=jdeveloper,dc=springframework,dc=org
  objectclass: top
  objectclass: groupOfNames
  cn: java-developers
  ou: jdeveloper
  member: uid=closuredude,ou=people,dc=springframework,dc=org

  dn: cn=scala-developers,ou=jdeveloper,dc=springframework,dc=org
  objectclass: top
  objectclass: groupOfNames
  cn: java-developers
  ou: jdeveloper
  member: uid=scaladude,ou=people,dc=springframework,dc=org
 
  • Constructor Details

    • NestedLdapAuthoritiesPopulator

      public NestedLdapAuthoritiesPopulator(org.springframework.ldap.core.ContextSource contextSource, String groupSearchBase)
      Constructor for group search scenarios. userRoleAttributes may still be set as a property.
      Parameters:
      contextSource - supplies the contexts used to search for user roles.
      groupSearchBase - if this is an empty string the search will be performed from the root DN of the
  • Method Details

    • getGroupMembershipRoles

      public Set<GrantedAuthority> getGroupMembershipRoles(String userDn, String username)
      Overrides:
      getGroupMembershipRoles in class DefaultLdapAuthoritiesPopulator
    • setAttributeNames

      public void setAttributeNames(Set<String> attributeNames)
      Sets the attribute names to retrieve for each LDAP group. Null means retrieve all.
      Parameters:
      attributeNames - the names of the LDAP attributes to retrieve
    • setMaxSearchDepth

      public void setMaxSearchDepth(int maxSearchDepth)
      Sets how far a nested search should go. Depth is counted as the number of levels searched upward for parent groups.
      Parameters:
      maxSearchDepth - the max search depth
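
One way to wire this class into an LdapAuthenticationProvider, given as an added example and not as code from the Spring Security project. The class name NestedGroupLdapConfig, the directory URL, the ou=jdeveloper search base, the user DN pattern and the depth of 3 are assumptions chosen to fit the sample data above.

```java
import java.util.HashSet;
import java.util.Set;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator;

@Configuration
public class NestedGroupLdapConfig {

    // Assumption: placeholder host; the base DN is the suffix used by the sample entries.
    @Bean
    DefaultSpringSecurityContextSource contextSource() {
        return new DefaultSpringSecurityContextSource(
                "ldaps://ldap.example.org:636/dc=springframework,dc=org");
    }

    @Bean
    NestedLdapAuthoritiesPopulator authoritiesPopulator(
            DefaultSpringSecurityContextSource contextSource) {
        // Assumption: groups live under ou=jdeveloper, as in the group DNs of the sample data.
        // A narrow search base keeps role lookups out of unrelated subtrees.
        NestedLdapAuthoritiesPopulator populator =
                new NestedLdapAuthoritiesPopulator(contextSource, "ou=jdeveloper");
        // {0} is substituted with the DN whose parent groups are being looked up.
        populator.setGroupSearchFilter("(member={0})");
        populator.setGroupRoleAttribute("cn");
        // Retrieve only the attribute the role name is built from (null retrieves all).
        populator.setAttributeNames(new HashSet<>(Set.of("cn")));
        // Bound the upward walk: each extra level is another directory search per login,
        // and an unexpectedly deep or cyclic group chain should not drive the lookup.
        populator.setMaxSearchDepth(3);
        return populator;
    }

    @Bean
    LdapAuthenticationProvider ldapAuthenticationProvider(
            DefaultSpringSecurityContextSource contextSource,
            NestedLdapAuthoritiesPopulator authoritiesPopulator) {
        // Users authenticate by binding with their own DN and password.
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});
        return new LdapAuthenticationProvider(authenticator, authoritiesPopulator);
    }
}
```

Because every group reached within the depth limit becomes a granted authority, review which parent groups map to privileged roles before raising the limit.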