Class NestedLdapAuthoritiesPopulator
java.lang.Object
org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator
- All Implemented Interfaces:
LdapAuthoritiesPopulator
An LDAP authority populator that can recursively search static nested groups.
An example of nested groups:
#Nested groups data

dn: uid=javadude,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Java Dude
sn: Dude
uid: javadude
userPassword: javadudespassword

dn: uid=groovydude,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Groovy Dude
sn: Dude
uid: groovydude
userPassword: groovydudespassword

dn: uid=closuredude,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Closure Dude
sn: Dude
uid: closuredude
userPassword: closuredudespassword

dn: uid=scaladude,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Scala Dude
sn: Dude
uid: scaladude
userPassword: scaladudespassword

dn: cn=j-developers,ou=jdeveloper,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: j-developers
ou: jdeveloper
member: cn=java-developers,ou=groups,dc=springframework,dc=org

dn: cn=java-developers,ou=jdeveloper,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: java-developers
ou: jdeveloper
member: cn=groovy-developers,ou=groups,dc=springframework,dc=org
member: cn=scala-developers,ou=groups,dc=springframework,dc=org
member: uid=javadude,ou=people,dc=springframework,dc=org

dn: cn=groovy-developers,ou=jdeveloper,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: java-developers
ou: jdeveloper
member: cn=closure-developers,ou=groups,dc=springframework,dc=org
member: uid=groovydude,ou=people,dc=springframework,dc=org

dn: cn=closure-developers,ou=jdeveloper,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: java-developers
ou: jdeveloper
member: uid=closuredude,ou=people,dc=springframework,dc=org

dn: cn=scala-developers,ou=jdeveloper,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: java-developers
ou: jdeveloper
member: uid=scaladude,ou=people,dc=springframework,dc=org

Constructor Summary

| Constructor | Description |
| --- | --- |
| NestedLdapAuthoritiesPopulator(org.springframework.ldap.core.ContextSource contextSource, String groupSearchBase) | Constructor for group search scenarios. |

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| | getGroupMembershipRoles(String userDn, String username) | |
| void | setAttributeNames(Set<String> attributeNames) | Sets the attribute names to retrieve for each LDAP group. |
| void | setMaxSearchDepth(int maxSearchDepth) | How far should a nested search go. |

Methods inherited from class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
getAdditionalRoles, getContextSource, getGrantedAuthorities, getGroupRoleAttribute, getGroupSearchBase, getGroupSearchFilter, getLdapTemplate, getRolePrefix, isConvertToUpperCase, setAuthorityMapper, setConvertToUpperCase, setDefaultRole, setGroupRoleAttribute, setGroupSearchFilter, setIgnorePartialResultException, setRolePrefix, setSearchSubtree

Constructor Details

NestedLdapAuthoritiesPopulator
public NestedLdapAuthoritiesPopulator(org.springframework.ldap.core.ContextSource contextSource, String groupSearchBase)
Constructor for group search scenarios. userRoleAttributes may still be set as a property.
- Parameters:
contextSource - supplies the contexts used to search for user roles.
groupSearchBase - if this is an empty string the search will be performed from the root DN of the

Method Details

getGroupMembershipRoles
- Overrides:
getGroupMembershipRoles in class DefaultLdapAuthoritiesPopulator

setAttributeNames
Sets the attribute names to retrieve for each LDAP group. Null means retrieve all.
- Parameters:
attributeNames - the names of the LDAP attributes to retrieve

setMaxSearchDepth
public void setMaxSearchDepth(int maxSearchDepth)
How far should a nested search go. Depth is calculated in the number of levels we search up for parent groups.
- Parameters:
maxSearchDepth - the max search depth
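
An added example (not taken from the Spring Security documentation) that wires this populator into an LdapAuthenticationProvider with a bounded nested search and a restricted attribute set, using only the constructor and setters listed above. The class name NestedGroupLdapConfig, the LDAP URL, the user DN pattern and the depth of 2 are assumptions chosen to match the sample data.

```java
import java.util.HashSet;
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator;

// Hypothetical configuration class, written for this example.
@Configuration
public class NestedGroupLdapConfig {

    // Assumed server address (placeholder host); the base DN is the one used in the sample data.
    private static final String LDAP_URL = "ldaps://ldap.example.org:636/dc=springframework,dc=org";

    @Bean
    DefaultSpringSecurityContextSource contextSource() {
        return new DefaultSpringSecurityContextSource(LDAP_URL);
    }

    @Bean
    LdapAuthoritiesPopulator authoritiesPopulator(DefaultSpringSecurityContextSource contextSource) {
        // Group search base is relative to the base DN; the sample groups live under ou=jdeveloper.
        NestedLdapAuthoritiesPopulator populator =
                new NestedLdapAuthoritiesPopulator(contextSource, "ou=jdeveloper");
        // {0} is replaced with the DN whose memberships are being looked up.
        populator.setGroupSearchFilter("(member={0})");
        populator.setGroupRoleAttribute("cn");
        // Retrieve only what is needed instead of every attribute (null); a mutable set is passed on purpose.
        populator.setAttributeNames(new HashSet<>(List.of("cn", "ou")));
        // Bound how many levels of parent groups are followed, so a deep or
        // unexpectedly linked group tree cannot silently widen a user's roles.
        populator.setMaxSearchDepth(2);
        populator.setRolePrefix("ROLE_");
        return populator;
    }

    @Bean
    AuthenticationProvider ldapAuthenticationProvider(
            DefaultSpringSecurityContextSource contextSource, LdapAuthoritiesPopulator authoritiesPopulator) {
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserDnPatterns(new String[] { "uid={0},ou=people" });
        return new LdapAuthenticationProvider(authenticator, authoritiesPopulator);
    }
}
```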