Class RoleMappingLdapAuthoritiesPopulator

java.lang.Object
org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
com.aquima.web.boot.security.RoleMappingLdapAuthoritiesPopulator
All Implemented Interfaces:
org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator

public class RoleMappingLdapAuthoritiesPopulator extends org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
This class extends DefaultLdapAuthoritiesPopulator, which retrieves all the groups for an LDAP user. Instead of returning these groups, it applies a mapping from LDAP group to Blueriq role. If no role mapping is defined, the authenticated user will not have any roles. Note that the mapping is case-sensitive, so the LDAP group name must match exactly. The Blueriq role, on the other hand, is compared case-insensitively when starting flows. With the legacy toggle isMapLdapGroupsToRoles set to true, the mapping is not used and all LDAP groups are returned as roles (which is the behavior of the DefaultLdapAuthoritiesPopulator).
  • Constructor Summary

    Constructors
    Constructor: RoleMappingLdapAuthoritiesPopulator(org.springframework.ldap.core.ContextSource contextSource, String groupSearchBase, Map<String,List<String>> roleMapping)
  • Method Summary

    Modifier and Type: Set<org.springframework.security.core.GrantedAuthority>
    Method: getGroupMembershipRoles(String userDn, String username)

    Methods inherited from class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator

    getAdditionalRoles, getContextSource, getGrantedAuthorities, getGroupRoleAttribute, getGroupSearchBase, getGroupSearchFilter, getLdapTemplate, getRolePrefix, isConvertToUpperCase, setAuthorityMapper, setConvertToUpperCase, setDefaultRole, setGroupRoleAttribute, setGroupSearchFilter, setIgnorePartialResultException, setRolePrefix, setSearchSubtree

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • RoleMappingLdapAuthoritiesPopulator

      public RoleMappingLdapAuthoritiesPopulator(org.springframework.ldap.core.ContextSource contextSource, String groupSearchBase, Map<String,List<String>> roleMapping)
  • Method Details

    • getGroupMembershipRoles

      public Set<org.springframework.security.core.GrantedAuthority> getGroupMembershipRoles(String userDn, String username)
      Overrides:
      getGroupMembershipRoles in class org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
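
The mapping rules in the class description, modelled in plain Java with no Spring or Blueriq dependency. This is an added example, not Blueriq's implementation: the names RoleMappingSketch, resolveRoles and caseMismatches are hypothetical, the sample groups and roles are constructed, and it assumes the map key is the LDAP group name and the value is the list of Blueriq roles for that group.

```java
import java.util.*;

public class RoleMappingSketch {

    // Assumption: key = LDAP group name, value = Blueriq roles granted to that group.
    static Set<String> resolveRoles(Set<String> ldapGroups,
                                    Map<String, List<String>> roleMapping,
                                    boolean mapLdapGroupsToRoles) {
        if (mapLdapGroupsToRoles) {
            // Legacy toggle: mapping ignored, every LDAP group is returned as a role.
            return new TreeSet<>(ldapGroups);
        }
        Set<String> roles = new TreeSet<>();
        for (String group : ldapGroups) {
            // Exact, case-sensitive lookup; an unmapped group contributes nothing.
            roles.addAll(roleMapping.getOrDefault(group, List.of()));
        }
        return roles;
    }

    // Audit helper (hypothetical): mapping keys that match a directory group only
    // when case is ignored, i.e. entries that silently grant no role.
    static Set<String> caseMismatches(Set<String> ldapGroups,
                                      Map<String, List<String>> roleMapping) {
        Set<String> suspects = new TreeSet<>();
        for (String key : roleMapping.keySet()) {
            for (String group : ldapGroups) {
                if (!key.equals(group) && key.equalsIgnoreCase(group)) {
                    suspects.add(key + " vs " + group);
                }
            }
        }
        return suspects;
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from a real directory.
        Set<String> groups = Set.of("Blueriq-Admins", "hr-staff", "vpn-users");
        Map<String, List<String>> mapping = Map.of(
                "Blueriq-Admins", List.of("Administrator"),
                "HR-Staff", List.of("CaseWorker")); // case differs from "hr-staff"

        System.out.println("mapped:     " + resolveRoles(groups, mapping, false));
        System.out.println("no mapping: " + resolveRoles(groups, Map.of(), false));
        System.out.println("legacy:     " + resolveRoles(groups, mapping, true));
        System.out.println("mismatches: " + caseMismatches(groups, mapping));
    }
}
```

With the legacy branch enabled, unrelated directory groups such as the constructed "vpn-users" also come back as roles, which is worth checking against the roles that flows actually require.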