org.apereo.cas.authorization

Class LdapUserGroupsToRolesAuthorizationGenerator

java.lang.Object

org.apereo.cas.authorization.BaseUseAttributesAuthorizationGenerator

org.apereo.cas.authorization.LdapUserGroupsToRolesAuthorizationGenerator

All Implemented Interfaces:

org.pac4j.core.authorization.generator.AuthorizationGenerator<org.pac4j.core.profile.CommonProfile>

public class LdapUserGroupsToRolesAuthorizationGenerator
extends BaseUseAttributesAuthorizationGenerator

Provides a simple AuthorizationGenerator implementation that obtains user roles from an LDAP search. Two searches are performed by this component for every user details lookup:

1. Search for an entry to resolve the username. In most cases the search should return exactly one result, but the BaseUseAttributesAuthorizationGenerator.allowMultipleResults property may be toggled to change that behavior.
2. Search for groups of which the user is a member. This search commonly occurs on a separate directory branch than that of the user search.

Since:

5.1.0

Field Summary

Fields inherited from class org.apereo.cas.authorization.BaseUseAttributesAuthorizationGenerator

connectionFactory

Constructor Summary

Constructors

Constructor and Description
LdapUserGroupsToRolesAuthorizationGenerator(org.ldaptive.ConnectionFactory factory, org.ldaptive.SearchExecutor userSearchExecutor, boolean allowMultipleResults, java.lang.String groupAttributeName, java.lang.String groupPrefix, org.ldaptive.SearchExecutor groupSearchExecutor) Instantiates a new Ldap user groups to roles authorization generator.

Method Summary

Modifier and Type	Method and Description
protected org.pac4j.core.profile.CommonProfile	generateAuthorizationForLdapEntry(org.pac4j.core.profile.CommonProfile profile, org.ldaptive.LdapEntry userEntry) Generate authorization for ldap entry.

Methods inherited from class org.apereo.cas.authorization.BaseUseAttributesAuthorizationGenerator

addProfileRoles, addProfileRolesFromAttributes, generate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LdapUserGroupsToRolesAuthorizationGenerator

public LdapUserGroupsToRolesAuthorizationGenerator(org.ldaptive.ConnectionFactory factory,
                                                   org.ldaptive.SearchExecutor userSearchExecutor,
                                                   boolean allowMultipleResults,
                                                   java.lang.String groupAttributeName,
                                                   java.lang.String groupPrefix,
                                                   org.ldaptive.SearchExecutor groupSearchExecutor)

Instantiates a new Ldap user groups to roles authorization generator.

Parameters:

factory - the factory

userSearchExecutor - the user search executor

allowMultipleResults - the allow multiple results

groupAttributeName - the group attribute name

groupPrefix - the group prefix

groupSearchExecutor - the group search executor

Method Detail

generateAuthorizationForLdapEntry

protected org.pac4j.core.profile.CommonProfile generateAuthorizationForLdapEntry(org.pac4j.core.profile.CommonProfile profile,
                                                                                 org.ldaptive.LdapEntry userEntry)

Description copied from class: BaseUseAttributesAuthorizationGenerator

Generate authorization for ldap entry.

Overrides:

generateAuthorizationForLdapEntry in class BaseUseAttributesAuthorizationGenerator

Parameters:

profile - the profile

userEntry - the user entry

Returns:

the common profile