Class NestedLdapAuthoritiesPopulator
- java.lang.Object
  - org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
    - org.pentaho.platform.plugin.services.security.userrole.ldap.NestedLdapAuthoritiesPopulator
- All Implemented Interfaces: org.springframework.beans.factory.InitializingBean, org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator
public class NestedLdapAuthoritiesPopulator extends org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator implements org.springframework.beans.factory.InitializingBean
Uses a map, defined in Spring, that maps child roles to parent roles. Using this map, one can specify a hierarchy of roles that doesn't necessarily exist in the directory. Why would you need this? It can be prohibitively expensive to query the directory repeatedly to find all parents of a given child role recursively. The map below specifies that the Marketing and Sales roles are child roles of the BIReporting role. So if user suzy belongs to the Marketing role, she will be assigned both the Marketing and BIReporting roles by the time this populator returns.
Any role prefix and/or case manipulation must be present in this mapping. In other words, if a role prefix has been set to ROLE_, and convertToUpperCase has been set to true, then both the keys and values must begin with ROLE_ and be all uppercase.
    <property name="extraRolesMapping">
      <map>
        <entry key="Marketing" value="BIReporting" />
        <entry key="Sales" value="BIReporting" />
      </map>
    </property>
Based on http://forum.springframework.org/showthread.php?t=28007
- Author: mlowery
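The prefix and case rule above, shown as an added example that is not Pentaho's source: a stand-alone Java model of the key lookup that getParentRoles is described as performing, plus a hypothetical nonConforming check that could be run over an extraRolesMapping at startup. The class name, helper names and sample roles are assumptions made for the illustration.

```java
import java.util.*;

// Added illustration; models the documented lookup, not the class's real code.
public class ExtraRolesMappingCheck {

    // One pass over the user's roles, using each as a key into the mapping.
    static Set<String> parentRoles(Set<String> children, Map<String, String> mapping) {
        Set<String> parents = new TreeSet<>();
        for (String child : children) {
            String parent = mapping.get(child);
            if (parent != null) parents.add(parent);
        }
        return parents;
    }

    // Hypothetical startup check: collect keys/values that can never equal a
    // role produced with the given rolePrefix and convertToUpperCase settings.
    static List<String> nonConforming(Map<String, String> mapping, String prefix, boolean upper) {
        List<String> bad = new ArrayList<>();
        for (Map.Entry<String, String> e : mapping.entrySet()) {
            for (String role : List.of(e.getKey(), e.getValue())) {
                boolean ok = role.startsWith(prefix)
                        && (!upper || role.equals(role.toUpperCase(Locale.ROOT)));
                if (!ok) bad.add(role);
            }
        }
        return bad;
    }

    public static void main(String[] args) {
        // Constructed input: suzy's directory group "Marketing" after
        // rolePrefix=ROLE_ and convertToUpperCase=true have been applied.
        Set<String> suzy = Set.of("ROLE_MARKETING");

        // Keys as written in the sample map: none equals ROLE_MARKETING,
        // so the parent role is silently never granted.
        Map<String, String> asWritten = new LinkedHashMap<>();
        asWritten.put("Marketing", "BIReporting");
        asWritten.put("Sales", "BIReporting");

        // The same hierarchy with prefix and case applied to keys and values.
        Map<String, String> adjusted = new LinkedHashMap<>();
        adjusted.put("ROLE_MARKETING", "ROLE_BIREPORTING");
        adjusted.put("ROLE_SALES", "ROLE_BIREPORTING");

        System.out.println("as written: " + parentRoles(suzy, asWritten));
        System.out.println("adjusted:   " + parentRoles(suzy, adjusted));
        System.out.println("to fix:     " + nonConforming(asWritten, "ROLE_", true));
    }
}
```

A mismatched mapping fails without any error: the user simply lacks the parent role, so a check like this is most useful when the prefix or case settings are changed after the mapping was written.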
Constructor Summary
- NestedLdapAuthoritiesPopulator(org.springframework.ldap.core.ContextSource contextSource, String groupSearchBase)
Method Summary
- void afterPropertiesSet()
- Map getExtraRolesMapping()
- Set getGroupMembershipRoles(String userDn, String username): Calls super's implementation then adds extra roles.
- protected Set getParentRoles(Set children): Iterates over the set, using the items as keys into the extraRolesMapping.
- void setExtraRolesMapping(Map extraRolesMapping)
- protected Set toGrantedAuthorities(Set rolesAsStringsSet): Converts a set of strings into a set of granted authorities.
Methods inherited from class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
getAdditionalRoles, getContextSource, getGrantedAuthorities, getGroupRoleAttribute, getGroupSearchBase, getGroupSearchFilter, getLdapTemplate, getRolePrefix, isConvertToUpperCase, setAuthorityMapper, setConvertToUpperCase, setDefaultRole, setGroupRoleAttribute, setGroupSearchFilter, setIgnorePartialResultException, setRolePrefix, setSearchSubtree
Constructor Detail
NestedLdapAuthoritiesPopulator
public NestedLdapAuthoritiesPopulator(org.springframework.ldap.core.ContextSource contextSource, String groupSearchBase)
Method Detail
getGroupMembershipRoles
public Set getGroupMembershipRoles(String userDn, String username)
Calls super's implementation then adds extra roles.
- Overrides: getGroupMembershipRoles in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

getParentRoles
protected Set getParentRoles(Set children)
Iterates over the set, using the items as keys into the extraRolesMapping.
- Parameters: children - Set of keys
- Returns: Set of values retrieved from keys

toGrantedAuthorities
protected Set toGrantedAuthorities(Set rolesAsStringsSet)
Converts a set of strings into a set of granted authorities.
- Parameters: rolesAsStringsSet - Set of String instances
- Returns: Set of GrantedAuthority instances

getExtraRolesMapping
public Map getExtraRolesMapping()

setExtraRolesMapping
public void setExtraRolesMapping(Map extraRolesMapping)