
  • How to modify Authority after loading it from LDAP

    Hi,

    I would like to add a few more authorities and access-related stuff once authentication is successful from LDAP. I am using Spring Security for LDAP authentication and loading authorities. Is there any way I can modify or add something in Authorities after successful login?

    Thanks

  • #2
    We did this with a custom LdapUserDetailsMapper:


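    import java.util.ArrayList;
    import java.util.Collection;
    import java.util.HashSet;
    import java.util.List;
    import java.util.Set;

    import org.springframework.ldap.core.DirContextOperations;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.GrantedAuthorityImpl;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;

    public class CustomUserDetailsMapper extends LdapUserDetailsMapper
    {
        @Override
        public UserDetails mapUserFromContext( DirContextOperations ctx, String username, Collection<GrantedAuthority> authority )
        {
            UserDetails originalUser = super.mapUserFromContext( ctx, username, authority );

            // Current authorities come from LDAP groups

            // TODO: fill in the authority names the user should end up with
            List<String> newAuthorities = new ArrayList<String>();

            // Only the names in newAuthorities are granted to the returned user
            Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
            for ( String name : newAuthorities ) // loop variable renamed: 'authority' is already the parameter
            {
                authorities.add( new GrantedAuthorityImpl( name ) );
            }

            // Copy the account state from the LDAP-mapped user, swapping in the new authorities
            User newUser =
                new User(
                    originalUser.getUsername(),
                    originalUser.getPassword(),
                    originalUser.isEnabled(),
                    originalUser.isAccountNonExpired(),
                    originalUser.isCredentialsNonExpired(),
                    originalUser.isAccountNonLocked(),
                    authorities );

            return newUser;
        }
    }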


    In the Spring Security context XML, set the user-context-mapper (other attributes may vary):


    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"

    ...

        <beans:bean id="customUserContextMapper" class="com.mycompany.myproject.CustomUserDetailsMapper"/>

        <authentication-manager>
            <ldap-authentication-provider
                user-dn-pattern="cn={0},cn=users,dc=mycompany,dc=com"
                user-search-base="cn=users,dc=mycompany,dc=com"
                user-search-filter="(uid={0})"
                user-context-mapper-ref="customUserContextMapper"
            />
        </authentication-manager>

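A variant of the mapper from reply #2 that keeps the LDAP-derived authorities and adds to them, shown as an added example that is not part of the original thread. It assumes the same Spring Security 3.0-era API the reply uses (`Collection<GrantedAuthority>`, `GrantedAuthorityImpl`); the class name, the `ExtraRoleSource` interface and the role names in `GRANTABLE` are hypothetical.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;

public class MergingUserDetailsMapper extends LdapUserDetailsMapper {
    /** Hypothetical application-side source of extra role names (database, config, ...). */
    public interface ExtraRoleSource {
        Collection<String> rolesFor(String username);
    }

    // Allow-list (constructed sample values): only these names may be added on top of LDAP.
    private static final Set<String> GRANTABLE = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList("ROLE_REPORTS", "ROLE_BILLING")));

    private final ExtraRoleSource extraRoles;

    public MergingUserDetailsMapper(ExtraRoleSource extraRoles) {
        this.extraRoles = extraRoles;
    }

    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
            Collection<GrantedAuthority> ldapAuthorities) {
        // Start from the authorities the LDAP provider already resolved from groups.
        Set<GrantedAuthority> merged = new LinkedHashSet<GrantedAuthority>(ldapAuthorities);
        Collection<String> extras = extraRoles.rolesFor(username);
        if (extras != null) {
            for (String name : extras) {
                // Drop anything outside the allow-list instead of granting it.
                if (name != null && GRANTABLE.contains(name)) {
                    merged.add(new GrantedAuthorityImpl(name));
                }
            }
        }
        // The parent builds the LDAP user details (DN, username, password attribute)
        // and attaches every authority in 'merged', so nothing is copied by hand.
        return super.mapUserFromContext(ctx, username, merged);
    }
}
```

The bean referenced by `user-context-mapper-ref` would then need an `ExtraRoleSource` passed as a constructor argument. Later Spring Security versions declare the parameter as `Collection<? extends GrantedAuthority>` and replace `GrantedAuthorityImpl` with `SimpleGrantedAuthority`.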


    • #3
      Looks great, thanks for your code example. I am going to try this method and let you know if it works for me. Any considerations while copying UserDetails?
