Example usage for org.springframework.security.ldap.userdetails LdapAuthority LdapAuthority

List of usage examples for org.springframework.security.ldap.userdetails LdapAuthority LdapAuthority

Introduction

This page shows an example of using the LdapAuthority constructor from org.springframework.security.ldap.userdetails.

Prototype

public LdapAuthority(String role, String dn, Map<String, List<String>> attributes) 


Document

Constructs an LdapAuthority with the given role, DN and other LDAP attributes

Usage

From source file:org.springframework.security.ldap.userdetails.NestedLdapAuthoritiesPopulator.java

/**
 * Performs the nested group search.
 *
 * @param userDn - the userDN to search for, will become the group DN for subsequent
 * searches
 * @param username - the username of the user
 * @param authorities - the authorities set that will be populated, must not be null
 * @param depth - the depth remaining, when 0 recursion will end
 */
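private void performNestedSearch(String userDn, String username, Set<GrantedAuthority> authorities, int depth) {
    // Recursively collects the groups that contain userDn, then the groups that contain
    // those groups, adding one LdapAuthority per role value found.
    //
    // The depth budget is the backstop against runaway recursion. The guard matches
    // exactly 0, so it does not fire for a negative starting depth; callers are
    // expected to pass a non-negative maximum.
    if (depth == 0) {
        if (logger.isDebugEnabled()) {
            logger.debug("Search aborted, max depth reached, for roles for user '" + username + "', DN = '"
                    + userDn + "', with filter " + getGroupSearchFilter() + " in search base '"
                    + getGroupSearchBase() + "'");
        }
        return;
    }

    // NOTE(review): username and DN values are written to the debug log unescaped;
    // confirm the log sink neutralises CR/LF if these can carry login input.
    if (logger.isDebugEnabled()) {
        logger.debug("Searching for roles for user '" + username + "', DN = '" + userDn + "', with filter "
                + getGroupSearchFilter() + " in search base '" + getGroupSearchBase() + "'");
    }

    // The role attribute must be among the requested attributes, otherwise the
    // search result would carry no role values to build authorities from.
    if (getAttributeNames() == null) {
        setAttributeNames(new HashSet<>());
    }
    String roleAttribute = getGroupRoleAttribute();
    if (StringUtils.hasText(roleAttribute) && !getAttributeNames().contains(roleAttribute)) {
        getAttributeNames().add(roleAttribute);
    }

    // userDn and username are handed over as filter arguments rather than being
    // concatenated into the filter string here.
    Set<Map<String, List<String>>> userRoles = getLdapTemplate().searchForMultipleAttributeValues(
            getGroupSearchBase(), getGroupSearchFilter(), new String[] { userDn, username },
            getAttributeNames().toArray(new String[0]));

    // NOTE(review): this dumps every returned attribute of every matched group.
    if (logger.isDebugEnabled()) {
        logger.debug("Roles from search: " + userRoles);
    }

    for (Map<String, List<String>> groupRecord : userRoles) {
        // assumes every record carries a DN_KEY entry with at least one value - TODO confirm
        String dn = groupRecord.get(SpringSecurityLdapTemplate.DN_KEY).get(0);

        Set<String> roles = new HashSet<>();
        List<String> roleValues = groupRecord.get(getGroupRoleAttribute());
        if (roleValues != null) {
            roles.addAll(roleValues);
        }

        boolean circular = false;
        for (String role : roles) {
            if (isConvertToUpperCase()) {
                // Locale.ROOT keeps authority names identical on every JVM. The
                // default-locale overload maps 'i' to a dotted capital under Turkish
                // or Azeri locales, producing names that role checks written against
                // the ASCII form would not match.
                role = role.toUpperCase(java.util.Locale.ROOT);
            }
            role = getRolePrefix() + role;
            // Set.add returns false when the authority is already present: the group
            // was visited before, so its parents are not searched again. This stops
            // an endless loop in a directory with cyclic group membership. The
            // compound assignment evaluates add() for every role.
            circular |= !authorities.add(new LdapAuthority(role, dn, groupRecord));
        }

        // A group without role values adds nothing to authorities and is therefore
        // never recognised as a repeat; only the depth budget bounds such chains.
        String roleName = !roles.isEmpty() ? roles.iterator().next() : dn;
        if (!circular) {
            performNestedSearch(dn, roleName, authorities, depth - 1);
        }
    }
}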