Package com.aquima.web.boot.security
Class RoleMappingLdapAuthoritiesPopulator
- java.lang.Object
-
- org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
-
- com.aquima.web.boot.security.RoleMappingLdapAuthoritiesPopulator
-
- All Implemented Interfaces:
org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator
public class RoleMappingLdapAuthoritiesPopulator extends org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulatorThis class is an extension to theDefaultLdapAuthoritiesPopulatorwhich retrieves all the groups for an LDAP user. Instead of returning these groups, a mapping is applied from LDAP group to Blueriq role. If no role mapping is defined, the authenticated user will not have any roles. Please note that the mapping is case sensitive, so the LDAP group name must match exactly. The Blueriq role on the other hand is compared case insensitive when starting flows. With the legacy toggle isMapLdapGroupsToRoles set to true, the mapping is not used and all LDAP groups are returned as roles (which is the behavior of theDefaultLdapAuthoritiesPopulator).
-
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Set<org.springframework.security.core.GrantedAuthority>getGroupMembershipRoles(String userDn, String username)-
Methods inherited from class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
getAdditionalRoles, getContextSource, getGrantedAuthorities, getGroupRoleAttribute, getGroupSearchBase, getGroupSearchFilter, getLdapTemplate, getRolePrefix, isConvertToUpperCase, setAuthorityMapper, setConvertToUpperCase, setDefaultRole, setGroupRoleAttribute, setGroupSearchFilter, setIgnorePartialResultException, setRolePrefix, setSearchSubtree
-
-