org.apereo.cas.authorization

Class LdapUserAttributesToRolesAuthorizationGenerator

java.lang.Object

org.apereo.cas.authorization.BaseUseAttributesAuthorizationGenerator

org.apereo.cas.authorization.LdapUserAttributesToRolesAuthorizationGenerator

All Implemented Interfaces:

org.pac4j.core.authorization.generator.AuthorizationGenerator<org.pac4j.core.profile.CommonProfile>

public class LdapUserAttributesToRolesAuthorizationGenerator
extends BaseUseAttributesAuthorizationGenerator

Provides a simple AuthorizationGenerator implementation that obtains user roles from an LDAP search. Searches are performed by this component for every user details lookup:

1. Search for an entry to resolve the username. In most cases the search should return exactly one result, but the BaseUseAttributesAuthorizationGenerator.allowMultipleResults property may be toggled to change that behavior.

Since:

4.0.0

Field Summary

Fields inherited from class org.apereo.cas.authorization.BaseUseAttributesAuthorizationGenerator

connectionFactory

Constructor Summary

Constructors

Constructor and Description
LdapUserAttributesToRolesAuthorizationGenerator(org.ldaptive.ConnectionFactory factory, org.ldaptive.SearchExecutor userSearchExecutor, boolean allowMultipleResults, java.lang.String roleAttribute, java.lang.String rolePrefix) Creates a new instance with the given required parameters.

Method Summary

Modifier and Type	Method and Description
protected org.pac4j.core.profile.CommonProfile	generateAuthorizationForLdapEntry(org.pac4j.core.profile.CommonProfile profile, org.ldaptive.LdapEntry userEntry) Generate authorization for ldap entry.

Methods inherited from class org.apereo.cas.authorization.BaseUseAttributesAuthorizationGenerator

addProfileRoles, addProfileRolesFromAttributes, generate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LdapUserAttributesToRolesAuthorizationGenerator

public LdapUserAttributesToRolesAuthorizationGenerator(org.ldaptive.ConnectionFactory factory,
                                                       org.ldaptive.SearchExecutor userSearchExecutor,
                                                       boolean allowMultipleResults,
                                                       java.lang.String roleAttribute,
                                                       java.lang.String rolePrefix)

Creates a new instance with the given required parameters.

Parameters:

factory - Source of LDAP connections for searches.

userSearchExecutor - Executes the LDAP search for user data.

allowMultipleResults - allow multiple search results in which case the first result returned is used to construct user details, or false to indicate that a runtime exception should be raised on multiple search results for user details.

roleAttribute - the role attribute

rolePrefix - the role prefix

Method Detail

generateAuthorizationForLdapEntry

protected org.pac4j.core.profile.CommonProfile generateAuthorizationForLdapEntry(org.pac4j.core.profile.CommonProfile profile,
                                                                                 org.ldaptive.LdapEntry userEntry)

Description copied from class: BaseUseAttributesAuthorizationGenerator

Generate authorization for ldap entry.

Overrides:

generateAuthorizationForLdapEntry in class BaseUseAttributesAuthorizationGenerator

Parameters:

profile - the profile

userEntry - the user entry

Returns:

the common profile