java.lang.Object

org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator

All Implemented Interfaces:: LdapAuthoritiesPopulator

public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator

A LDAP authority populator that can recursively search static nested groups.

An example of nested groups can be

  #Nested groups data

  dn: uid=javadude,ou=people,dc=springframework,dc=org
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  cn: Java Dude
  sn: Dude
  uid: javadude
  userPassword: javadudespassword

  dn: uid=groovydude,ou=people,dc=springframework,dc=org
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  cn: Groovy Dude
  sn: Dude
  uid: groovydude
  userPassword: groovydudespassword

  dn: uid=closuredude,ou=people,dc=springframework,dc=org
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  cn: Closure Dude
  sn: Dude
  uid: closuredude
  userPassword: closuredudespassword

  dn: uid=scaladude,ou=people,dc=springframework,dc=org
  objectclass: top
  objectclass: person
  objectclass: organizationalPerson
  objectclass: inetOrgPerson
  cn: Scala Dude
  sn: Dude
  uid: scaladude
  userPassword: scaladudespassword

  dn: cn=j-developers,ou=jdeveloper,dc=springframework,dc=org
  objectclass: top
  objectclass: groupOfNames
  cn: j-developers
  ou: jdeveloper
  member: cn=java-developers,ou=groups,dc=springframework,dc=org

  dn: cn=java-developers,ou=jdeveloper,dc=springframework,dc=org
  objectclass: top
  objectclass: groupOfNames
  cn: java-developers
  ou: jdeveloper
  member: cn=groovy-developers,ou=groups,dc=springframework,dc=org
  member: cn=scala-developers,ou=groups,dc=springframework,dc=org
  member: uid=javadude,ou=people,dc=springframework,dc=org

  dn: cn=groovy-developers,ou=jdeveloper,dc=springframework,dc=org
  objectclass: top
  objectclass: groupOfNames
  cn: java-developers
  ou: jdeveloper
  member: cn=closure-developers,ou=groups,dc=springframework,dc=org
  member: uid=groovydude,ou=people,dc=springframework,dc=org

  dn: cn=closure-developers,ou=jdeveloper,dc=springframework,dc=org
  objectclass: top
  objectclass: groupOfNames
  cn: java-developers
  ou: jdeveloper
  member: uid=closuredude,ou=people,dc=springframework,dc=org

  dn: cn=scala-developers,ou=jdeveloper,dc=springframework,dc=org
  objectclass: top
  objectclass: groupOfNames
  cn: java-developers
  ou: jdeveloper
  member: uid=scaladude,ou=people,dc=springframework,dc=org *

Constructor Summary

Constructors

Constructor

Description

NestedLdapAuthoritiesPopulator(org.springframework.ldap.core.ContextSource contextSource, String groupSearchBase)

Constructor for group search scenarios.
Method Summary

Modifier and Type

Method

Description

Set<GrantedAuthority>

getGroupMembershipRoles(String userDn, String username)

void

setAttributeNames(Set<String> attributeNames)

Sets the attribute names to retrieve for each ldap groups.

void

setMaxSearchDepth(int maxSearchDepth)

How far should a nested search go.

Methods inherited from class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
getAdditionalRoles, getContextSource, getGrantedAuthorities, getGroupRoleAttribute, getGroupSearchBase, getGroupSearchFilter, getLdapTemplate, getRolePrefix, isConvertToUpperCase, setAuthorityMapper, setConvertToUpperCase, setDefaultRole, setGroupRoleAttribute, setGroupSearchFilter, setIgnorePartialResultException, setRolePrefix, setSearchSubtree

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- NestedLdapAuthoritiesPopulator
  
  public NestedLdapAuthoritiesPopulator(org.springframework.ldap.core.ContextSource contextSource, String groupSearchBase)
  
  Constructor for group search scenarios. userRoleAttributes may still be set as a property.
  
  Parameters:
  
  contextSource - supplies the contexts used to search for user roles.
  
  groupSearchBase - if this is an empty string the search will be performed from the root DN of the
Method Details
- getGroupMembershipRoles
  
  public Set<GrantedAuthority> getGroupMembershipRoles(String userDn, String username)
  
  Overrides:
  
  getGroupMembershipRoles in class DefaultLdapAuthoritiesPopulator
- setAttributeNames
  
  public void setAttributeNames(Set<String> attributeNames)
  
  Sets the attribute names to retrieve for each ldap groups. Null means retrieve all
  
  Parameters:
  
  attributeNames - - the names of the LDAP attributes to retrieve
- setMaxSearchDepth
  
  public void setMaxSearchDepth(int maxSearchDepth)
  
  How far should a nested search go. Depth is calculated in the number of levels we search up for parent groups.
  
  Parameters:
  
  maxSearchDepth - the max search depth

Class NestedLdapAuthoritiesPopulator

Constructor Summary

Method Summary

Methods inherited from class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

Methods inherited from class java.lang.Object

Constructor Details

NestedLdapAuthoritiesPopulator

Method Details

getGroupMembershipRoles

setAttributeNames

setMaxSearchDepth