/**
 * Returns the configured {@link LdapAuthoritiesPopulator}, building a
 * {@link DefaultLdapAuthoritiesPopulator} on first use when none was supplied.
 *
 * <p>The default populator is built from {@code contextSource} and
 * {@code groupSearchBase} and receives the group role attribute, the group
 * search filter and the role prefix held by this object. It is cached in
 * {@code ldapAuthoritiesPopulator}, so later calls return the same instance.
 *
 * @return the {@link LdapAuthoritiesPopulator} to use
 */
private LdapAuthoritiesPopulator getLdapAuthoritiesPopulator() {
    if (ldapAuthoritiesPopulator == null) {
        DefaultLdapAuthoritiesPopulator fallback =
                new DefaultLdapAuthoritiesPopulator(contextSource, groupSearchBase);
        fallback.setGroupRoleAttribute(groupRoleAttribute);
        fallback.setGroupSearchFilter(groupSearchFilter);
        // The prefix is prepended to every group-derived authority name, so it
        // has to match what the access rules of the application test against.
        fallback.setRolePrefix(this.rolePrefix);
        // Cache only after the populator is fully configured.
        this.ldapAuthoritiesPopulator = fallback;
    }
    return ldapAuthoritiesPopulator;
}
/**
 * Obtains the authorities for the user whose directory entry is represented by the
 * supplied {@link DirContextOperations} object.
 *
 * <p>The result combines the roles from {@code getGroupMembershipRoles}, any
 * roles returned by {@code getAdditionalRoles} and, when one is set, the default role.
 *
 * @param user the directory entry of the user whose authorities are required
 * @param username the login name, passed on to the group search and to
 * {@code getAdditionalRoles}
 * @return the roles granted to the user, as a new list
 */
@Override
public final Collection<GrantedAuthority> getGrantedAuthorities(
        DirContextOperations user, String username) {
    String userDn = user.getNameInNamespace();

    if (logger.isDebugEnabled()) {
        logger.debug("Getting authorities for user " + userDn);
    }

    // The set returned here is extended in place below, so it has to be mutable.
    Set<GrantedAuthority> granted = getGroupMembershipRoles(userDn, username);

    Set<GrantedAuthority> additional = getAdditionalRoles(user, username);
    if (additional != null) {
        granted.addAll(additional);
    }

    // A configured default role is granted to every user that reaches this
    // point, whatever the group search returned.
    if (this.defaultRole != null) {
        granted.add(this.defaultRole);
    }

    return new ArrayList<>(granted);
}
/**
 * Searches the group search base for entries matching the group search filter
 * and turns each value of the group role attribute into an authority.
 *
 * <p>The filter receives the user DN as parameter {@code {0}} and the username
 * as parameter {@code {1}}. Each role name is optionally upper-cased and then
 * prefixed with the role prefix.
 *
 * @param userDn the distinguished name of the user
 * @param username the login name of the user
 * @return a new mutable set of authorities; empty when no group search base is set
 */
public Set<GrantedAuthority> getGroupMembershipRoles(String userDn, String username) {
    if (getGroupSearchBase() == null) {
        // No search base: no group search is made and no group roles are granted.
        return new HashSet<>();
    }

    Set<GrantedAuthority> granted = new HashSet<>();

    if (logger.isDebugEnabled()) {
        logger.debug("Searching for roles for user '" + username + "', DN = " + "'"
                + userDn + "', with filter " + this.groupSearchFilter
                + " in search base '" + getGroupSearchBase() + "'");
    }

    // NOTE(review): userDn and username are passed as filter parameters, not
    // concatenated here; escaping of filter metacharacters is therefore left to
    // the template. Confirm that for the template implementation in use.
    String[] filterArgs = new String[] { userDn, username };
    Set<String> roleNames = getLdapTemplate().searchForSingleAttributeValues(
            getGroupSearchBase(), this.groupSearchFilter, filterArgs,
            this.groupRoleAttribute);

    if (logger.isDebugEnabled()) {
        logger.debug("Roles from search: " + roleNames);
    }

    for (String roleName : roleNames) {
        // NOTE(review): toUpperCase() without a Locale follows the JVM default
        // locale, so the resulting authority name can differ between hosts.
        String normalized = this.convertToUpperCase ? roleName.toUpperCase() : roleName;
        granted.add(new SimpleGrantedAuthority(this.rolePrefix + normalized));
    }

    return granted;
}
/**
 * Builds the LDAP authentication provider: users are authenticated by binding
 * to the directory, using the user search from {@code userSearch()}.
 *
 * @return the configured {@link LdapAuthenticationProvider}
 */
@Bean
public LdapAuthenticationProvider ldapAuthProvider() {
    BindAuthenticator authenticator = new BindAuthenticator(ldapContextSource);
    authenticator.setUserSearch(userSearch());

    // NOTE(review): the group search base is null here. If the populator skips
    // the group search for a null base, no group-derived roles are granted and
    // the subtree setting below has no effect. Confirm this is intended.
    DefaultLdapAuthoritiesPopulator authoritiesPopulator =
            new DefaultLdapAuthoritiesPopulator(ldapContextSource, null);
    authoritiesPopulator.setIgnorePartialResultException(true);
    authoritiesPopulator.setSearchSubtree(true);

    return new LdapAuthenticationProvider(authenticator, authoritiesPopulator);
}
/**
 * Returns the configured {@link LdapAuthoritiesPopulator}, building a
 * {@link DefaultLdapAuthoritiesPopulator} on first use when none was supplied.
 *
 * <p>The default populator is built from {@code contextSource} and
 * {@code groupSearchBase} and receives the group role attribute and the group
 * search filter held by this object. No role prefix is set here, so the
 * populator keeps its own. The instance is cached in
 * {@code ldapAuthoritiesPopulator}.
 *
 * @return the {@link LdapAuthoritiesPopulator} to use
 */
private LdapAuthoritiesPopulator getLdapAuthoritiesPopulator() {
    if (ldapAuthoritiesPopulator == null) {
        DefaultLdapAuthoritiesPopulator fallback =
                new DefaultLdapAuthoritiesPopulator(contextSource, groupSearchBase);
        fallback.setGroupRoleAttribute(groupRoleAttribute);
        fallback.setGroupSearchFilter(groupSearchFilter);
        // Cache only after the populator is fully configured.
        this.ldapAuthoritiesPopulator = fallback;
    }
    return ldapAuthoritiesPopulator;
}
/**
 * Builds a {@link DefaultLdapAuthoritiesPopulator} for the given context source
 * from the configured group search base, role attribute and search filter.
 *
 * @param ldapContextSource the context source used for the group search
 * @return the configured populator
 */
private DefaultLdapAuthoritiesPopulator getDefaultLdapAuthoritiesPopulator(
        LdapContextSource ldapContextSource) {
    DefaultLdapAuthoritiesPopulator populator =
            new DefaultLdapAuthoritiesPopulator(ldapContextSource, ldapGroupSearchBase);
    populator.setGroupRoleAttribute(ldapGroupRoleAttribute);
    populator.setGroupSearchFilter(ldapGroupSearchFilter);
    // NOTE(review): with this flag a partial result from the directory is
    // ignored rather than reported, so a group search that was cut short can
    // yield fewer roles without an error. Confirm that is acceptable here.
    populator.setIgnorePartialResultException(true);
    return populator;
}
/**
 * Creates a new {@link DefaultLdapAuthoritiesPopulator} from the settings held
 * by this object.
 *
 * <p>The default role is passed on only when it is non-null; all other settings
 * are always applied.
 *
 * @return the configured populator
 */
private DefaultLdapAuthoritiesPopulator create() {
    DefaultLdapAuthoritiesPopulator result =
            new DefaultLdapAuthoritiesPopulator(contextSource, groupSearchBase);

    result.setConvertToUpperCase(convertToUpperCase);
    // A default role, once set, is granted to every authenticated user, so it
    // is only configured when one was explicitly provided.
    if (defaultRole != null) {
        result.setDefaultRole(defaultRole);
    }
    result.setGroupRoleAttribute(groupRoleAttribute);
    result.setGroupSearchFilter(groupSearchFilter);
    result.setRolePrefix(rolePrefix);
    result.setSearchSubtree(searchSubtree);

    return result;
}
// NOTE(review): anonymous read-only is enabled on the context source, which
// suggests that read operations such as the group search run without bind
// credentials. Confirm the directory is meant to allow that.
ldapContext.setAnonymousReadOnly(true);
// The populator searches for groups below the configured group search base.
authPopulator = new DefaultLdapAuthoritiesPopulator( ldapContext, ldapConfig.getGroupSearchBase());
// NOTE(review): the receiver of this call is missing from the excerpt;
// presumably it is authPopulator.
.setGroupSearchFilter(ldapConfig.getGroupSearchFilter());
// NOTE(review): tail of a call chain whose start is not part of this excerpt.
.rolePrefix("");
// The group search base comes from the provider's configuration and falls back
// to the empty string, not null, when the property is absent.
DefaultLdapAuthoritiesPopulator populator = new DefaultLdapAuthoritiesPopulator(contextSource, environment.getProperty("security.providers[" + providerIdx + "].group-search-base", ""));
// With an empty prefix the authority names are the group names as returned by
// the directory; access rules have to be written against those exact names.
populator.setRolePrefix("");
/**
 * Sets the group search filter on the superclass and keeps a copy in this
 * class's own {@code groupSearchFilter} field.
 *
 * @param groupSearchFilter the filter used to find the groups of a user
 */
@Override
public void setGroupSearchFilter(final String groupSearchFilter) {
    // Delegate first, so the local copy is only updated once the superclass
    // call has returned.
    super.setGroupSearchFilter(groupSearchFilter);

    this.groupSearchFilter = groupSearchFilter;
}
/**
 * Sets the group role attribute on the superclass and keeps a copy in this
 * class's own {@code groupRoleAttribute} field.
 *
 * @param groupRoleAttribute the attribute of a group entry that holds the role name
 */
@Override
public void setGroupRoleAttribute(final String groupRoleAttribute) {
    // Delegate first, so the local copy is only updated once the superclass
    // call has returned.
    super.setGroupRoleAttribute(groupRoleAttribute);

    this.groupRoleAttribute = groupRoleAttribute;
}
/**
 * Creates the LDAP authentication provider and registers it with the
 * authentication manager when LDAP is configured.
 *
 * <p>Users are authenticated by a bind against the DN patterns in
 * {@code dnPatterns}. Authorities come from a
 * {@link DefaultLdapAuthoritiesPopulator} on {@code groupSearchBase}, with its
 * filter and role attribute left at the library defaults.
 *
 * @return the provider, or {@code null} when LDAP is not configured
 */
@Bean
public OsiamLdapAuthenticationProvider createLdapAuthProvider() {
    if (!isLdapConfigured) {
        // Without LDAP configuration no provider is created or registered.
        return null;
    }

    createLdapToScimAttributeMapping();

    DefaultSpringSecurityContextSource ldapSource = createLdapContextSource();

    BindAuthenticator authenticator = new BindAuthenticator(ldapSource);
    authenticator.setUserDnPatterns(dnPatterns);
    authenticator.setUserAttributes(attributes);

    OsiamLdapUserContextMapper contextMapper = new OsiamLdapUserContextMapper(scimLdapAttributes);
    DefaultLdapAuthoritiesPopulator populator =
            new DefaultLdapAuthoritiesPopulator(ldapSource, groupSearchBase);

    OsiamLdapAuthenticationProvider ldapProvider =
            new OsiamLdapAuthenticationProvider(authenticator, populator, contextMapper);

    // Side effect: the provider is appended to the provider list of the
    // authentication manager in addition to being returned as a bean.
    authenticationManager.getProviders().add(ldapProvider);

    return ldapProvider;
}
/**
 * Sets the role prefix on the superclass and keeps a copy in this class's own
 * {@code rolePrefix} field.
 *
 * @param rolePrefix the prefix prepended to each role name
 */
@Override
public void setRolePrefix(String rolePrefix) {
    // Delegate first, so the local copy is only updated once the superclass
    // call has returned.
    super.setRolePrefix(rolePrefix);

    this.rolePrefix = rolePrefix;
}
/**
 * Returns the group-derived authorities of the user and adds
 * {@code Constant.ROLE_ADMIN} when they include the configured admin authority.
 *
 * @param userDn the distinguished name of the user
 * @param username the login name of the user
 * @return a new set holding the superclass result, plus the admin role when it applies
 */
@Override
public Set<GrantedAuthority> getGroupMembershipRoles(String userDn, String username) {
    Set<GrantedAuthority> fromGroups = super.getGroupMembershipRoles(userDn, username);

    // Work on a copy so the set returned by the superclass is not modified.
    Set<GrantedAuthority> effective = Sets.newHashSet(fromGroups);

    // Privilege mapping: membership in the configured admin group grants the
    // application's admin role.
    // NOTE(review): the match is on the authority as built by the superclass,
    // so adminRoleAsAuthority presumably has to carry the same prefix and
    // letter case. Verify against where it is constructed.
    boolean inAdminGroup = fromGroups.contains(adminRoleAsAuthority);
    if (inAdminGroup) {
        effective.add(new SimpleGrantedAuthority(Constant.ROLE_ADMIN));
    }

    return effective;
}
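/**
 * Searches the group search base for entries matching the group search filter
 * and turns each value of the group role attribute into an authority.
 *
 * <p>The filter receives the user DN as parameter {@code {0}} and the username
 * as parameter {@code {1}}. Each role name is optionally upper-cased and then
 * prefixed with the role prefix.
 *
 * @param userDn the distinguished name of the user
 * @param username the login name of the user
 * @return a new mutable set of authorities; empty when no group search base is set
 */
public Set<GrantedAuthority> getGroupMembershipRoles(String userDn, String username) {
    if (getGroupSearchBase() == null) {
        // Return a mutable set, as the search path below does. An immutable
        // Collections.emptySet() makes any caller that adds further authorities
        // to the result fail with UnsupportedOperationException.
        return new HashSet<GrantedAuthority>();
    }

    Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();

    if (logger.isDebugEnabled()) {
        logger.debug("Searching for roles for user '" + username + "', DN = " + "'" + userDn
                + "', with filter " + groupSearchFilter + " in search base '"
                + getGroupSearchBase() + "'");
    }

    // NOTE(review): userDn and username are passed as filter parameters, not
    // concatenated here; escaping of filter metacharacters is therefore left to
    // the template. Confirm that for the template implementation in use.
    Set<String> userRoles = ldapTemplate.searchForSingleAttributeValues(getGroupSearchBase(),
            groupSearchFilter, new String[]{userDn, username}, groupRoleAttribute);

    if (logger.isDebugEnabled()) {
        logger.debug("Roles from search: " + userRoles);
    }

    for (String role : userRoles) {
        if (convertToUpperCase) {
            // NOTE(review): toUpperCase() without a Locale follows the JVM
            // default locale, so the authority name can differ between hosts.
            role = role.toUpperCase();
        }
        authorities.add(new GrantedAuthorityImpl(rolePrefix + role));
    }

    return authorities;
}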
/**
 * Builds the authorities populator for one LDAP provider from its configuration.
 *
 * @param contextSource the context source used for the group search
 * @param configuration supplies the group search base, search filter and role attribute
 * @return a {@link DefaultLdapAuthoritiesPopulator} configured with those values
 */
private LdapAuthoritiesPopulator createPopulator(BaseLdapPathContextSource contextSource,
        LdapProviderConfiguration configuration) {
    // Read all three settings up front, before the populator is constructed.
    final String base = configuration.getGroupSearchBase();
    final String filter = configuration.getGroupSearchFilter();
    final String roleAttribute = configuration.getGroupRoleAttribute();

    DefaultLdapAuthoritiesPopulator result =
            new DefaultLdapAuthoritiesPopulator(contextSource, base);
    result.setGroupSearchFilter(filter);
    result.setGroupRoleAttribute(roleAttribute);
    return result;
}
// Populator that searches for groups below ldapGroupSearchBase.
DefaultLdapAuthoritiesPopulator defaultLdapAuthoritiesPopulator = new DefaultLdapAuthoritiesPopulator( ldapContextSource, ldapGroupSearchBase);
defaultLdapAuthoritiesPopulator.setGroupRoleAttribute(ldapGroupRoleAttribute);
defaultLdapAuthoritiesPopulator.setGroupSearchFilter(ldapGroupSearchFilter);
// NOTE(review): with this flag a partial result from the directory is ignored
// rather than reported, so a group search that was cut short can yield fewer
// roles without an error. Confirm that is acceptable here.
defaultLdapAuthoritiesPopulator.setIgnorePartialResultException(true);
/**
 * Sets the group search filter on the superclass and keeps a copy in this
 * class's own {@code groupSearchFilter} field.
 *
 * @param groupSearchFilter the filter used to find the groups of a user
 */
@Override
public void setGroupSearchFilter(String groupSearchFilter) {
    // Delegate first, so the local copy is only updated once the superclass
    // call has returned.
    super.setGroupSearchFilter(groupSearchFilter);

    this.groupSearchFilter = groupSearchFilter;
}
/**
 * Sets the group role attribute on the superclass and keeps a copy in this
 * class's own {@code groupRoleAttribute} field.
 *
 * @param groupRoleAttribute the attribute of a group entry that holds the role name
 */
@Override
public void setGroupRoleAttribute(String groupRoleAttribute) {
    // Delegate first, so the local copy is only updated once the superclass
    // call has returned.
    super.setGroupRoleAttribute(groupRoleAttribute);

    this.groupRoleAttribute = groupRoleAttribute;
}
/**
 * Sets the role prefix on the superclass and keeps a copy in this class's own
 * {@code rolePrefix} field.
 *
 * @param rolePrefix the prefix prepended to each role name
 */
@Override
public void setRolePrefix(String rolePrefix) {
    // Delegate first, so the local copy is only updated once the superclass
    // call has returned.
    super.setRolePrefix(rolePrefix);

    this.rolePrefix = rolePrefix;
}