Class LdapUserDetailsManager
- java.lang.Object
  - org.springframework.security.ldap.userdetails.LdapUserDetailsManager
- All Implemented Interfaces: org.springframework.security.core.userdetails.UserDetailsService, org.springframework.security.provisioning.UserDetailsManager
public class LdapUserDetailsManager extends java.lang.Object implements org.springframework.security.provisioning.UserDetailsManager
An Ldap implementation of UserDetailsManager.
It is designed around a standard setup where users and groups/roles are stored under separate contexts, defined by the "userDnBase" and "groupSearchBase" properties respectively.
In this case, LDAP is being used purely to retrieve information and this class can be used in place of any other UserDetailsService for authentication. Authentication isn't performed directly against the directory, unlike with the LDAP authentication provider setup.
- Since: 2.0
Constructor Summary
- LdapUserDetailsManager(org.springframework.ldap.core.ContextSource contextSource)
Method Summary
- protected void addAuthorities(org.springframework.ldap.core.DistinguishedName userDn, java.util.Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)
- protected org.springframework.ldap.core.DistinguishedName buildGroupDn(java.lang.String group)
  Creates a DN from a group name.
- void changePassword(java.lang.String oldPassword, java.lang.String newPassword)
  Changes the password for the current user.
- protected void copyToContext(org.springframework.security.core.userdetails.UserDetails user, org.springframework.ldap.core.DirContextAdapter ctx)
- void createUser(org.springframework.security.core.userdetails.UserDetails user)
- void deleteUser(java.lang.String username)
- org.springframework.security.core.userdetails.UserDetails loadUserByUsername(java.lang.String username)
- protected void removeAuthorities(org.springframework.ldap.core.DistinguishedName userDn, java.util.Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)
- void setAttributesToRetrieve(java.lang.String[] attributesToRetrieve)
- void setGroupMemberAttributeName(java.lang.String groupMemberAttributeName)
  Sets the name of the multi-valued attribute which holds the DNs of users who are members of a group.
- void setGroupRoleAttributeName(java.lang.String groupRoleAttributeName)
- void setGroupSearchBase(java.lang.String groupSearchBase)
- void setPasswordAttributeName(java.lang.String passwordAttributeName)
- void setRoleMapper(org.springframework.ldap.core.AttributesMapper roleMapper)
- void setUsePasswordModifyExtensionOperation(boolean usePasswordModifyExtensionOperation)
  Sets the method by which a user's password gets modified.
- void setUserDetailsMapper(UserDetailsContextMapper userDetailsMapper)
- void setUsernameMapper(LdapUsernameToDnMapper usernameMapper)
- void updateUser(org.springframework.security.core.userdetails.UserDetails user)
- boolean userExists(java.lang.String username)
Method Detail
-
loadUserByUsername
public org.springframework.security.core.userdetails.UserDetails loadUserByUsername(java.lang.String username)
- Specified by: loadUserByUsername in interface org.springframework.security.core.userdetails.UserDetailsService
-
changePassword
public void changePassword(java.lang.String oldPassword, java.lang.String newPassword)
Changes the password for the current user. The username is obtained from the security context.
There are two supported strategies for modifying the user's password depending on the capabilities of the corresponding LDAP server.
Configured one way, this method will modify the user's password via the LDAP Password Modify Extended Operation. See setUsePasswordModifyExtensionOperation(boolean) for details.
By default, though, if the old password is supplied, the update will be made by rebinding as the user, thus modifying the password using the user's permissions. If oldPassword is null, the update will be attempted using a standard read/write context supplied by the context source.
- Specified by: changePassword in interface org.springframework.security.provisioning.UserDetailsManager
- Parameters:
  oldPassword - the old password
  newPassword - the new value of the password.
-
createUser
public void createUser(org.springframework.security.core.userdetails.UserDetails user)
- Specified by: createUser in interface org.springframework.security.provisioning.UserDetailsManager
-
updateUser
public void updateUser(org.springframework.security.core.userdetails.UserDetails user)
- Specified by: updateUser in interface org.springframework.security.provisioning.UserDetailsManager
-
deleteUser
public void deleteUser(java.lang.String username)
- Specified by: deleteUser in interface org.springframework.security.provisioning.UserDetailsManager
-
userExists
public boolean userExists(java.lang.String username)
- Specified by: userExists in interface org.springframework.security.provisioning.UserDetailsManager
-
buildGroupDn
protected org.springframework.ldap.core.DistinguishedName buildGroupDn(java.lang.String group)
Creates a DN from a group name.
- Parameters:
  group - the name of the group
- Returns: the DN of the corresponding group, including the groupSearchBase
-
copyToContext
protected void copyToContext(org.springframework.security.core.userdetails.UserDetails user, org.springframework.ldap.core.DirContextAdapter ctx)
-
addAuthorities
protected void addAuthorities(org.springframework.ldap.core.DistinguishedName userDn, java.util.Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)
-
removeAuthorities
protected void removeAuthorities(org.springframework.ldap.core.DistinguishedName userDn, java.util.Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)
-
setUsernameMapper
public void setUsernameMapper(LdapUsernameToDnMapper usernameMapper)
-
setPasswordAttributeName
public void setPasswordAttributeName(java.lang.String passwordAttributeName)
-
setGroupSearchBase
public void setGroupSearchBase(java.lang.String groupSearchBase)
-
setGroupRoleAttributeName
public void setGroupRoleAttributeName(java.lang.String groupRoleAttributeName)
-
setAttributesToRetrieve
public void setAttributesToRetrieve(java.lang.String[] attributesToRetrieve)
-
setUserDetailsMapper
public void setUserDetailsMapper(UserDetailsContextMapper userDetailsMapper)
-
setGroupMemberAttributeName
public void setGroupMemberAttributeName(java.lang.String groupMemberAttributeName)
Sets the name of the multi-valued attribute which holds the DNs of users who are members of a group.
Usually this will be uniquemember (the default value) or member.
- Parameters:
  groupMemberAttributeName - the name of the attribute used to store group members.
-
setRoleMapper
public void setRoleMapper(org.springframework.ldap.core.AttributesMapper roleMapper)
-
setUsePasswordModifyExtensionOperation
public void setUsePasswordModifyExtensionOperation(boolean usePasswordModifyExtensionOperation)
Sets the method by which a user's password gets modified. If set to true, then changePassword(java.lang.String, java.lang.String) will modify the user's password by way of the Password Modify Extension Operation. If set to false, then changePassword(java.lang.String, java.lang.String) will modify the user's password by directly modifying attributes on the corresponding entry. Before using this setting, ensure that the corresponding LDAP server supports this extended operation. By default, usePasswordModifyExtensionOperation is false.
- Parameters:
  usePasswordModifyExtensionOperation -
- Since: 4.2.9
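The following is an added example, not code from Spring Security or from this page. It shows one way to follow the advice under changePassword and setUsePasswordModifyExtensionOperation: check whether the server advertises the Password Modify Extended Operation (RFC 3062, OID 1.3.6.1.4.1.4203.1.11.1) before enabling it. The class name LdapManagerFactory, the ou=people / ou=groups layout, the uid and member attributes, and an anonymously readable root DSE are assumptions.

```java
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.userdetails.LdapUserDetailsManager;

// Hypothetical helper class; directory layout values below are assumptions.
public class LdapManagerFactory {
    // OID of the LDAP Password Modify Extended Operation (RFC 3062).
    static final String PASSWORD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1";

    // Reads supportedExtension from the root DSE (serverUrl carries no base DN).
    static boolean supportsPasswordModify(String serverUrl) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, serverUrl);
        DirContext ctx = new InitialDirContext(env);
        try {
            Attribute ext = ctx.getAttributes("", new String[] {"supportedExtension"})
                    .get("supportedExtension");
            return ext != null && ext.contains(PASSWORD_MODIFY_OID);
        } finally {
            ctx.close();
        }
    }

    // Builds the manager; users and groups live under separate contexts.
    static LdapUserDetailsManager build(String serverUrl, String baseDn,
            String managerDn, String managerPassword) throws NamingException {
        DefaultSpringSecurityContextSource cs =
                new DefaultSpringSecurityContextSource(List.of(serverUrl), baseDn);
        cs.setUserDn(managerDn);
        cs.setPassword(managerPassword);
        cs.afterPropertiesSet();

        LdapUserDetailsManager mgr = new LdapUserDetailsManager(cs);
        mgr.setUsernameMapper(new DefaultLdapUsernameToDnMapper("ou=people", "uid"));
        mgr.setGroupSearchBase("ou=groups");
        mgr.setGroupMemberAttributeName("member");
        // Use the extended operation only if advertised; otherwise keep the default (false).
        mgr.setUsePasswordModifyExtensionOperation(supportsPasswordModify(serverUrl));
        return mgr;
    }
}
```

With the flag left at false, callers should pass the old password to changePassword so the update is made by rebinding as the user rather than through the manager's read/write context.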