org.pentaho.platform.plugin.services.security.userrole.ldap
Class NestedLdapAuthoritiesPopulator

java.lang.Object
  extended by org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator
      extended by org.pentaho.platform.plugin.services.security.userrole.ldap.NestedLdapAuthoritiesPopulator
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, org.springframework.security.ldap.LdapAuthoritiesPopulator

public class NestedLdapAuthoritiesPopulator
extends org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator
implements org.springframework.beans.factory.InitializingBean

Uses a map, defined in the Spring configuration, that maps child roles to parent roles. With this map, one can specify a hierarchy of roles that doesn't necessarily exist in the directory. Why would you need this? Repeatedly querying the directory to recursively find all parents of a given child role can be prohibitively expensive.

The map below specifies that the Marketing and Sales roles are child roles of the BIReporting role. So if user suzy belongs to the Marketing role, she will be assigned both Marketing and BIReporting roles by the time this populator returns.

Any role prefix and/or case manipulation must also be reflected in this mapping. In other words, if a role prefix has been set to ROLE_, and convertToUpperCase has been set to true, then both the keys and values must begin with ROLE_ and be all uppercase.

 <property name="extraRolesMapping">
   <map>
     <entry key="Marketing" value="BIReporting" />
     <entry key="Sales" value="BIReporting" />
   </map>
 </property>
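The sketch below is an added example, not Pentaho's source. It shows the child-to-parent expansion and a startup check for the prefix/case rule above. The class ExtraRolesDemo and its methods expand and unreachableEntries are hypothetical, following parents transitively is an assumption, and the sample roles are constructed.

```java
import java.util.*;

// Added illustration; not the Pentaho implementation.
public class ExtraRolesDemo {

    // Expands directory roles with parents from a child -> parent map.
    // Following parents transitively is an assumption of this sketch;
    // result.add() returning false stops a cyclic mapping from looping.
    static Set<String> expand(Set<String> directoryRoles, Map<String, String> childToParent) {
        Set<String> result = new TreeSet<>(directoryRoles);
        Deque<String> pending = new ArrayDeque<>(directoryRoles);
        while (!pending.isEmpty()) {
            String parent = childToParent.get(pending.pop()); // exact, case-sensitive lookup
            if (parent != null && result.add(parent)) {
                pending.push(parent);
            }
        }
        return result;
    }

    // Returns mapping keys/values that cannot match roles once the configured
    // prefix and upper-casing have been applied to the directory roles.
    static Set<String> unreachableEntries(Map<String, String> childToParent, String prefix, boolean upper) {
        Set<String> bad = new LinkedHashSet<>();
        for (Map.Entry<String, String> e : childToParent.entrySet()) {
            for (String role : Arrays.asList(e.getKey(), e.getValue())) {
                boolean caseOk = !upper || role.equals(role.toUpperCase(Locale.ROOT));
                if (!role.startsWith(prefix) || !caseOk) bad.add(role);
            }
        }
        return bad;
    }

    public static void main(String[] args) {
        // Constructed sample: suzy's role as it looks with rolePrefix=ROLE_ and upper-casing on.
        Set<String> suzy = Collections.singleton("ROLE_MARKETING");

        Map<String, String> asWritten = new LinkedHashMap<>();   // entries copied from the XML above
        asWritten.put("Marketing", "BIReporting");
        asWritten.put("Sales", "BIReporting");

        Map<String, String> normalized = new LinkedHashMap<>();  // same entries, prefixed and upper-cased
        normalized.put("ROLE_MARKETING", "ROLE_BIREPORTING");
        normalized.put("ROLE_SALES", "ROLE_BIREPORTING");

        System.out.println("as written:  " + expand(suzy, asWritten));
        System.out.println("normalized:  " + expand(suzy, normalized));
        System.out.println("unreachable: " + unreachableEntries(asWritten, "ROLE_", true));
    }
}
```

With the unnormalized entries the lookup never matches, so the parent role is silently not granted. A non-empty result from the check is worth surfacing at startup.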
 

Based on http://forum.springframework.org/showthread.php?t=28007

Author:
mlowery

Constructor Summary
NestedLdapAuthoritiesPopulator(org.springframework.ldap.core.ContextSource contextSource, String groupSearchBase)
           
 
Method Summary
 void afterPropertiesSet()
           
 Map getExtraRolesMapping()
           
 Set getGroupMembershipRoles(String userDn, String username)
          Calls super's implementation then adds extra roles.
 void setExtraRolesMapping(Map extraRolesMapping)
           
 
Methods inherited from class org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator
getGrantedAuthorities, setConvertToUpperCase, setDefaultRole, setGroupRoleAttribute, setGroupSearchFilter, setRolePrefix, setSearchSubtree
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

NestedLdapAuthoritiesPopulator

public NestedLdapAuthoritiesPopulator(org.springframework.ldap.core.ContextSource contextSource,
                                      String groupSearchBase)
Method Detail

getGroupMembershipRoles

public Set getGroupMembershipRoles(String userDn,
                                   String username)
Calls super's implementation then adds extra roles.

Overrides:
getGroupMembershipRoles in class org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator

getExtraRolesMapping

public Map getExtraRolesMapping()

setExtraRolesMapping

public void setExtraRolesMapping(Map extraRolesMapping)

afterPropertiesSet

public void afterPropertiesSet()
                        throws Exception
Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Throws:
Exception