Class NestedLdapAuthoritiesPopulator

java.lang.Object
org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator
All Implemented Interfaces:
LdapAuthoritiesPopulator

public class NestedLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator
An LDAP authority populator that can recursively search static nested groups.

An example of nested group data:

 #Nested groups data

 dn: uid=javadude,ou=people,dc=springframework,dc=org
 objectclass: top
 objectclass: person
 objectclass: organizationalPerson
 objectclass: inetOrgPerson
 cn: Java Dude
 sn: Dude
 uid: javadude
 userPassword: javadudespassword

 dn: uid=groovydude,ou=people,dc=springframework,dc=org
 objectclass: top
 objectclass: person
 objectclass: organizationalPerson
 objectclass: inetOrgPerson
 cn: Groovy Dude
 sn: Dude
 uid: groovydude
 userPassword: groovydudespassword

 dn: uid=closuredude,ou=people,dc=springframework,dc=org
 objectclass: top
 objectclass: person
 objectclass: organizationalPerson
 objectclass: inetOrgPerson
 cn: Closure Dude
 sn: Dude
 uid: closuredude
 userPassword: closuredudespassword

 dn: uid=scaladude,ou=people,dc=springframework,dc=org
 objectclass: top
 objectclass: person
 objectclass: organizationalPerson
 objectclass: inetOrgPerson
 cn: Scala Dude
 sn: Dude
 uid: scaladude
 userPassword: scaladudespassword

 dn: cn=j-developers,ou=jdeveloper,dc=springframework,dc=org
 objectclass: top
 objectclass: groupOfNames
 cn: j-developers
 ou: jdeveloper
 member: cn=java-developers,ou=groups,dc=springframework,dc=org

 dn: cn=java-developers,ou=jdeveloper,dc=springframework,dc=org
 objectclass: top
 objectclass: groupOfNames
 cn: java-developers
 ou: jdeveloper
 member: cn=groovy-developers,ou=groups,dc=springframework,dc=org
 member: cn=scala-developers,ou=groups,dc=springframework,dc=org
 member: uid=javadude,ou=people,dc=springframework,dc=org

 dn: cn=groovy-developers,ou=jdeveloper,dc=springframework,dc=org
 objectclass: top
 objectclass: groupOfNames
 cn: groovy-developers
 ou: jdeveloper
 member: cn=closure-developers,ou=groups,dc=springframework,dc=org
 member: uid=groovydude,ou=people,dc=springframework,dc=org

 dn: cn=closure-developers,ou=jdeveloper,dc=springframework,dc=org
 objectclass: top
 objectclass: groupOfNames
 cn: closure-developers
 ou: jdeveloper
 member: uid=closuredude,ou=people,dc=springframework,dc=org

 dn: cn=scala-developers,ou=jdeveloper,dc=springframework,dc=org
 objectclass: top
 objectclass: groupOfNames
 cn: scala-developers
 ou: jdeveloper
 member: uid=scaladude,ou=people,dc=springframework,dc=org
  • Constructor Details

    • NestedLdapAuthoritiesPopulator

      public NestedLdapAuthoritiesPopulator(org.springframework.ldap.core.ContextSource contextSource, String groupSearchBase)
      Constructor for group search scenarios. userRoleAttributes may still be set as a property.
      Parameters:
      contextSource - supplies the contexts used to search for user roles.
      groupSearchBase - if this is an empty string the search will be performed from the root DN of the
  • Method Details

    • getGroupMembershipRoles

      public Set<org.springframework.security.core.GrantedAuthority> getGroupMembershipRoles(String userDn, String username)
      Overrides:
      getGroupMembershipRoles in class DefaultLdapAuthoritiesPopulator
    • setAttributeNames

      public void setAttributeNames(Set<String> attributeNames)
      Sets the attribute names to retrieve for each LDAP group. Null means retrieve all attributes.
      Parameters:
      attributeNames - the names of the LDAP attributes to retrieve
    • setMaxSearchDepth

      public void setMaxSearchDepth(int maxSearchDepth)
      Sets how far a nested search should go. Depth is calculated as the number of levels searched up for parent groups.
      Parameters:
      maxSearchDepth - the max search depth
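
The effect of the search depth on the groups a user ends up in, as an added example that is not Spring Security's own code: a plain-JDK model of a depth-limited upward group search over constructed data that mirrors the group hierarchy in the class description. It assumes the member values point at group entries under ou=jdeveloper and that a depth of N allows N levels of parent lookups; the class and method names are hypothetical.

```java
import java.util.*;

// Added example: a plain-JDK model of a depth-limited upward group search.
// Not Spring Security's implementation; the directory below is constructed sample data.
public class NestedGroupDepthDemo {
    static final String BASE = ",ou=jdeveloper,dc=springframework,dc=org";
    static final String PEOPLE = ",ou=people,dc=springframework,dc=org";

    // group DN -> values of its "member" attribute (constructed, with consistent DNs)
    static final Map<String, List<String>> GROUPS = new LinkedHashMap<>();
    static {
        GROUPS.put("cn=j-developers" + BASE, List.of("cn=java-developers" + BASE));
        GROUPS.put("cn=java-developers" + BASE, List.of("cn=groovy-developers" + BASE,
                "cn=scala-developers" + BASE, "uid=javadude" + PEOPLE));
        GROUPS.put("cn=groovy-developers" + BASE, List.of("cn=closure-developers" + BASE,
                "uid=groovydude" + PEOPLE));
        GROUPS.put("cn=closure-developers" + BASE, List.of("uid=closuredude" + PEOPLE));
        GROUPS.put("cn=scala-developers" + BASE, List.of("uid=scaladude" + PEOPLE));
    }

    // Returns group DN -> level at which it was found (1 = direct membership).
    static Map<String, Integer> resolve(String userDn, int maxSearchDepth) {
        Map<String, Integer> found = new LinkedHashMap<>();
        search(userDn, maxSearchDepth, 1, found);
        return found;
    }

    static void search(String memberDn, int depthLeft, int level, Map<String, Integer> found) {
        if (depthLeft == 0) return; // depth budget exhausted, stop climbing
        for (Map.Entry<String, List<String>> group : GROUPS.entrySet()) {
            // Models a search for groups whose member attribute contains memberDn.
            if (!group.getValue().contains(memberDn)) continue;
            // A group already collected is not walked again, so a membership cycle terminates.
            if (found.putIfAbsent(group.getKey(), level) == null) {
                search(group.getKey(), depthLeft - 1, level + 1, found);
            }
        }
    }

    public static void main(String[] args) {
        String user = "uid=closuredude" + PEOPLE;
        for (int depth = 1; depth <= 4; depth++) {
            System.out.println("maxSearchDepth=" + depth + " -> " + resolve(user, depth).keySet());
        }
    }
}
```

In this model each additional level adds the next ancestor group for closuredude, so the depth setting bounds which inherited group memberships, and therefore authorities, a member of a leaf group receives.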