List of usage examples for org.springframework.security.ldap SpringSecurityLdapTemplate DN_KEY
String DN_KEY
From source file:org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator.java
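/**
 * Performs the nested group search.
 *
 * <p>Runs the configured group search with {@code userDn} and {@code username} as the
 * filter arguments, adds an {@link LdapAuthority} for every role value found, and then
 * recurses into each returned group, using that group's DN as the next {@code userDn}.
 *
 * @param userDn the DN to search for; on recursive calls this is the DN of the group
 * returned by the previous search
 * @param username the username of the user; on recursive calls this is one role value
 * of the group just found, or the group DN when the group has no role values
 * @param authorities the authorities set that will be populated, must not be null
 * @param depth the depth remaining; when 0 recursion ends
 */
private void performNestedSearch(String userDn, String username, Set<GrantedAuthority> authorities,
        int depth) {
    if (depth == 0) {
        // Back out of recursion. The depth budget is the only bound for groups that
        // carry no role values: they add nothing to 'authorities', so the duplicate
        // check further down never fires for them.
        if (logger.isDebugEnabled()) {
            // NOTE(review): username and userDn are written to the log verbatim;
            // confirm the log layout neutralises CR/LF if they can come from a login form.
            logger.debug("Search aborted, max depth reached," + " for roles for user '" + username
                    + "', DN = " + "'" + userDn + "', with filter " + getGroupSearchFilter()
                    + " in search base '" + getGroupSearchBase() + "'");
        }
        return;
    }

    if (logger.isDebugEnabled()) {
        logger.debug("Searching for roles for user '" + username + "', DN = " + "'" + userDn
                + "', with filter " + getGroupSearchFilter() + " in search base '"
                + getGroupSearchBase() + "'");
    }

    // Make sure the role attribute is among the attributes requested from the directory.
    if (getAttributeNames() == null) {
        setAttributeNames(new HashSet<>());
    }
    if (StringUtils.hasText(getGroupRoleAttribute())
            && !getAttributeNames().contains(getGroupRoleAttribute())) {
        getAttributeNames().add(getGroupRoleAttribute());
    }

    Set<Map<String, List<String>>> userRoles = getLdapTemplate().searchForMultipleAttributeValues(
            getGroupSearchBase(), getGroupSearchFilter(), new String[] { userDn, username },
            getAttributeNames().toArray(new String[0]));

    if (logger.isDebugEnabled()) {
        logger.debug("Roles from search: " + userRoles);
    }

    for (Map<String, List<String>> record : userRoles) {
        // NOTE(review): assumes every record carries a non-empty DN_KEY entry; confirm
        // against searchForMultipleAttributeValues.
        String dn = record.get(SpringSecurityLdapTemplate.DN_KEY).get(0);

        // De-duplicate the role values of this group.
        Set<String> roles = new HashSet<>();
        List<String> roleValues = record.get(getGroupRoleAttribute());
        if (roleValues != null) {
            roles.addAll(roleValues);
        }

        boolean circular = false;
        for (String rawRole : roles) {
            // Locale-independent upper-casing: the default-locale variant can produce a
            // different authority string on some JVM locales (for example dotted capital
            // I under tr), which would then fail to match configured access rules.
            String role = isConvertToUpperCase() ? rawRole.toUpperCase(java.util.Locale.ROOT) : rawRole;
            role = getRolePrefix() + role;
            // If the authority already exists we will not search for its parents again;
            // this prevents an endless loop on a misconfigured LDAP directory.
            // '|=' always evaluates the add(), so every role is still recorded.
            circular |= !authorities.add(new LdapAuthority(role, dn, record));
        }

        String roleName = roles.isEmpty() ? dn : roles.iterator().next();
        if (!circular) {
            performNestedSearch(dn, roleName, authorities, depth - 1);
        }
    }
}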