Class NestedLdapAuthoritiesPopulator

  • All Implemented Interfaces:
    org.springframework.beans.factory.InitializingBean, org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator

    public class NestedLdapAuthoritiesPopulator
    extends org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
    implements org.springframework.beans.factory.InitializingBean
    Uses a map, defined in Spring, that maps child roles to parent roles. Using this map, one can specify a hierarchy of roles that doesn't necessarily exist in the directory. Why would you need this? It is potentially prohibitive to repeatedly query the directory to recursively find all parents of a given child role.

    The map below specifies that the Marketing and Sales roles are child roles of the BIReporting role. So if user suzy belongs to the Marketing role, she will be assigned both Marketing and BIReporting roles by the time this populator returns.

    Any role prefix and/or case manipulation must be present in this mapping. In other words, if a role prefix has been set to ROLE_, and convertToUpperCase has been set to true, then both the keys and values must begin with ROLE_ and be all uppercase.

     <property name="extraRolesMapping">
       <map>
         <entry key="Marketing" value="BIReporting" />
         <entry key="Sales" value="BIReporting" />
       </map>
     </property>
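
An added example, not taken from the Pentaho source: a standalone Java sketch of the lookup described above, showing that the mapping as written finds no parent role once a ROLE_ prefix and upper-casing are in effect, together with a startup check that flags such entries. The class and method names, and the order of upper-casing then prefixing, are assumptions made for the illustration.

```java
import java.util.*;

// Added illustration; not Pentaho source. Models only the documented key lookup.
public class ExtraRolesMappingCheck {

    // Role name as it looks after prefix/case handling
    // (assumed order: upper-case the group name, then prepend the prefix).
    static String normalize(String group, String prefix, boolean upper) {
        return prefix + (upper ? group.toUpperCase(Locale.ROOT) : group);
    }

    // Single pass: each child role is used as a key into the mapping.
    static Set<String> parentRoles(Set<String> children, Map<String, String> mapping) {
        Set<String> parents = new TreeSet<>();
        for (String child : children) {
            String parent = mapping.get(child);
            if (parent != null) parents.add(parent);
        }
        return parents;
    }

    // Startup check: keys or values that can never equal a normalized role name.
    static Set<String> misconfigured(Map<String, String> mapping, String prefix, boolean upper) {
        Set<String> bad = new TreeSet<>();
        for (Map.Entry<String, String> e : mapping.entrySet()) {
            for (String role : List.of(e.getKey(), e.getValue())) {
                boolean ok = role.startsWith(prefix)
                        && (!upper || role.equals(role.toUpperCase(Locale.ROOT)));
                if (!ok) bad.add(role);
            }
        }
        return bad;
    }

    public static void main(String[] args) {
        String prefix = "ROLE_";
        // Constructed sample: suzy's directory group after normalization.
        Set<String> suzy = Set.of(normalize("Marketing", prefix, true));

        // Mapping exactly as in the XML above: no prefix, mixed case.
        Map<String, String> asWritten = Map.of("Marketing", "BIReporting", "Sales", "BIReporting");
        // Same hierarchy with the prefix and case the populator is configured for.
        Map<String, String> matching = Map.of("ROLE_MARKETING", "ROLE_BIREPORTING",
                                              "ROLE_SALES", "ROLE_BIREPORTING");

        System.out.println("as written, parents: " + parentRoles(suzy, asWritten));
        System.out.println("as written, flagged: " + misconfigured(asWritten, prefix, true));
        System.out.println("matching,   parents: " + parentRoles(suzy, matching));
    }
}
```

A mismatch of this kind does not raise an error: the user keeps the directory roles and silently lacks the parent role, so the check is worth running when the bean is configured.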
     

    Based on http://forum.springframework.org/showthread.php?t=28007

    Author:
    mlowery
    • Constructor Detail

      • NestedLdapAuthoritiesPopulator

        public NestedLdapAuthoritiesPopulator(org.springframework.ldap.core.ContextSource contextSource,
                                              String groupSearchBase)
    • Method Detail

      • getGroupMembershipRoles

        public Set getGroupMembershipRoles(String userDn,
                                           String username)
        Calls super's implementation then adds extra roles.
        Overrides:
        getGroupMembershipRoles in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
      • getParentRoles

        protected Set getParentRoles(Set children)
        Iterates over the set, using the items as keys into the extraRolesMapping.
        Parameters:
        children - Set of keys
        Returns:
        Set of values retrieved from keys
      • toGrantedAuthorities

        protected Set toGrantedAuthorities(Set rolesAsStringsSet)
        Converts a set of strings into a set of granted authorities.
        Parameters:
        rolesAsStringsSet - Set of String instances
        Returns:
        Set of GrantedAuthority instances
      • getExtraRolesMapping

        public Map getExtraRolesMapping()
      • setExtraRolesMapping

        public void setExtraRolesMapping(Map extraRolesMapping)
      • afterPropertiesSet

        public void afterPropertiesSet()
                                throws Exception
        Specified by:
        afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
        Throws:
        Exception