org.pentaho.platform.plugin.services.security.userrole.ldap
Class NestedLdapAuthoritiesPopulator
java.lang.Object
org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator
org.pentaho.platform.plugin.services.security.userrole.ldap.NestedLdapAuthoritiesPopulator
- All Implemented Interfaces:
- org.springframework.beans.factory.InitializingBean, org.springframework.security.ldap.LdapAuthoritiesPopulator
public class NestedLdapAuthoritiesPopulator
- extends org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator
- implements org.springframework.beans.factory.InitializingBean
Uses a map, defined in Spring, that maps child roles to parent roles. Using this map, one can specify a hierarchy of
roles that doesn't necessarily exist in the directory. Why would you need this? It is potentially prohibitive to
repeatedly query the directory to recursively find all parents of a given child role.
The map below specifies that the Marketing and Sales roles are child roles of the BIReporting role. So if user
suzy belongs to the Marketing role, she will be assigned both Marketing and BIReporting roles by the time this
populator returns.
Any role prefix and/or case manipulation must be present in this mapping. In other words, if a role prefix has
been set to ROLE_
, and convertToUpperCase
has been set to true
, then both the
keys and values must begin with ROLE_
and be all uppercase.
<property name="extraRolesMapping">
<map>
<entry key="Marketing" value="BIReporting" />
<entry key="Sales" value="BIReporting" />
</map>
</property>
Based on http://forum.springframework.org/showthread.php?t=28007
- Author:
- mlowery
Methods inherited from class org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator |
getGrantedAuthorities, setConvertToUpperCase, setDefaultRole, setGroupRoleAttribute, setGroupSearchFilter, setRolePrefix, setSearchSubtree |
NestedLdapAuthoritiesPopulator
public NestedLdapAuthoritiesPopulator(org.springframework.ldap.core.ContextSource contextSource,
String groupSearchBase)
getGroupMembershipRoles
public Set getGroupMembershipRoles(String userDn,
String username)
- Calls super's implementation then adds extra roles.
- Overrides:
getGroupMembershipRoles
in class org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator
getExtraRolesMapping
public Map getExtraRolesMapping()
setExtraRolesMapping
public void setExtraRolesMapping(Map extraRolesMapping)
afterPropertiesSet
public void afterPropertiesSet()
throws Exception
- Specified by:
afterPropertiesSet
in interface org.springframework.beans.factory.InitializingBean
- Throws:
Exception