org.broadleafcommerce.common.security.ldap
Class BroadleafActiveDirectoryUserDetailsMapper

java.lang.Object
  extended by org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
      extended by org.broadleafcommerce.common.security.ldap.BroadleafActiveDirectoryUserDetailsMapper
All Implemented Interfaces:
org.springframework.security.ldap.userdetails.UserDetailsContextMapper

public class BroadleafActiveDirectoryUserDetailsMapper
extends org.springframework.security.ldap.userdetails.LdapUserDetailsMapper

This class lets Spring do its usual work of mapping user details from LDAP into Spring's security framework. In addition, it allows us to specify whether the user's LDAP user name or their email address is used to map them to a Broadleaf user. It also allows us to override the role names (GrantedAuthorities) that come from LDAP with names that may be more suitable for Broadleaf.

Author:
Kelly Tisdell

Field Summary
protected boolean additiveRoleNameSubstitutions
protected Map<String,String[]> roleNameSubstitutions
protected boolean useEmailAddressAsUsername

Constructor Summary
BroadleafActiveDirectoryUserDetailsMapper()

Method Summary
org.springframework.security.core.userdetails.UserDetails mapUserFromContext(org.springframework.ldap.core.DirContextOperations ctx, String username, Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)
void setAdditiveRoleNameSubstitutions(boolean additiveRoleNameSubstitutions)
          This should be used in conjunction with the roleNameSubstitutions property.
void setRoleNameSubstitutions(Map<String,String[]> roleNameSubstitutions)
          This allows you to declaratively set a map containing values that will substitute role names from LDAP with Broadleaf role names in cases where they differ.
void setUseEmailAddressAsUsername(boolean value)
          The LDAP server may contain a user name other than an email address.

Methods inherited from class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper
createAuthority, mapPassword, mapUserToContext, setConvertToUpperCase, setPasswordAttributeName, setRoleAttributes, setRolePrefix

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

useEmailAddressAsUsername

protected boolean useEmailAddressAsUsername

additiveRoleNameSubstitutions

protected boolean additiveRoleNameSubstitutions

roleNameSubstitutions

protected Map<String,String[]> roleNameSubstitutions

Constructor Detail

BroadleafActiveDirectoryUserDetailsMapper

public BroadleafActiveDirectoryUserDetailsMapper()

Method Detail

mapUserFromContext

public org.springframework.security.core.userdetails.UserDetails mapUserFromContext(org.springframework.ldap.core.DirContextOperations ctx,
                                                                                    String username,
                                                                                    Collection<? extends org.springframework.security.core.GrantedAuthority> authorities)
Specified by:
mapUserFromContext in interface org.springframework.security.ldap.userdetails.UserDetailsContextMapper
Overrides:
mapUserFromContext in class org.springframework.security.ldap.userdetails.LdapUserDetailsMapper

setUseEmailAddressAsUsername

public void setUseEmailAddressAsUsername(boolean value)
The LDAP server may contain a user name other than an email address. If the email address should be used to map to a Broadleaf user, then set this to true. The principal will be set to the user's email address returned from the LDAP server.

Parameters:
value -

setRoleNameSubstitutions

public void setRoleNameSubstitutions(Map<String,String[]> roleNameSubstitutions)
This allows you to declaratively set a map containing values that will substitute role names from LDAP with Broadleaf role names in cases where they differ. For example, if you have a role specified in LDAP under "memberOf" with a DN of "Marketing Administrator", you might want to map that to the role "ADMIN". By default the prefix "ROLE_" will be prepended to this name. So to configure this, you would specify: With this configuration, all roles returned by LDAP that have a DN of "Marketing Administrator" will be converted to "ADMIN".

Parameters:
roleNameSubstitutions -

setAdditiveRoleNameSubstitutions

public void setAdditiveRoleNameSubstitutions(boolean additiveRoleNameSubstitutions)
This should be used in conjunction with the roleNameSubstitutions property. If this is set to true, this will add the mapped roles to the list of original granted authorities. If set to false, this will replace the original granted authorities with the mapped ones. Defaults to false.

Parameters:
additiveRoleNameSubstitutions -
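The following is an added illustration of the substitution semantics described under setRoleNameSubstitutions and setAdditiveRoleNameSubstitutions; it is not Broadleaf's implementation of BroadleafActiveDirectoryUserDetailsMapper. It assumes that roles arrive as the raw LDAP group names (for example "Marketing Administrator"), that the default "ROLE_" prefix is applied to every authority produced, and that authorities are modelled as plain strings rather than Spring GrantedAuthority objects. The class and method names (RoleSubstitutionExample, mapAuthorities) are hypothetical.

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/*
 * Added illustration of the documented role-substitution rules; not Broadleaf's
 * own code. Assumptions: input roles are raw LDAP group names, the default
 * "ROLE_" prefix is prepended to every resulting authority, and authorities are
 * plain strings instead of Spring GrantedAuthority instances.
 */
public class RoleSubstitutionExample {

    static final String ROLE_PREFIX = "ROLE_";

    /**
     * Maps LDAP role names to Broadleaf authorities.
     *
     * @param ldapRoles             role names taken from the user's LDAP entry
     * @param roleNameSubstitutions LDAP name -> Broadleaf role names
     *                              (one LDAP group may map to several roles)
     * @param additive              true: keep the original authorities and add
     *                              the mapped ones; false: the mapped authorities
     *                              replace the originals (the documented default)
     */
    static Set<String> mapAuthorities(Collection<String> ldapRoles,
                                      Map<String, String[]> roleNameSubstitutions,
                                      boolean additive) {
        Set<String> result = new LinkedHashSet<>();
        if (additive) {
            // the original granted authorities survive, each with the prefix
            for (String role : ldapRoles) {
                result.add(ROLE_PREFIX + role);
            }
        }
        for (String role : ldapRoles) {
            String[] mapped = roleNameSubstitutions.get(role);
            if (mapped == null) {
                // no substitution configured for this group; in replace mode
                // it therefore confers no authority at all
                continue;
            }
            for (String broadleafRole : mapped) {
                result.add(ROLE_PREFIX + broadleafRole);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // constructed sample input: two groups from LDAP, only one is mapped
        List<String> ldapRoles = List.of("Marketing Administrator", "Domain Users");
        Map<String, String[]> substitutions = Map.of(
                "Marketing Administrator", new String[] {"ADMIN"});

        System.out.println("replace:  " + mapAuthorities(ldapRoles, substitutions, false));
        System.out.println("additive: " + mapAuthorities(ldapRoles, substitutions, true));
    }
}
```

In replace mode only groups that have an entry in the substitution map yield an authority, so the map behaves as an allow-list and membership in unmapped directory groups grants nothing in Broadleaf. In additive mode every LDAP group also becomes an authority alongside its mapped name, so authorization checks in the application must be written against the mapped Broadleaf roles and must not treat raw directory group names as privileged.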


Copyright © 2013. All Rights Reserved.