Is it possible to modify authentication authorities at authentication time?

  • Is it possible to modify authentication authorities at authentication time?

    We're authenticating against LDAP and our Authentication object's GrantedAuthorities are correctly populating with a user's roles from our LDAP database.

    What I'd like to know is if there's a way to dynamically modify those roles (authorities) on the fly before the Authentication object is constructed (the only way GrantedAuthorities can be set on an Authentication object is at object construction time).

    I'm thinking there's got to be some class I can extend and register to execute this behavior, I just don't know what class and what method.

    Thanks.
    Last edited by icfantv; Sep 28th, 2012, 10:42 AM. Reason: typo

  • #2
    Originally posted by icfantv
    We're authenticating against LDAP and our Authentication object's GrantedAuthorities are correctly populating with a user's roles from our LDAP database.

    What I'd like to know is if there's a way to dynamically modify those roles (authorities) on the fly before the Authentication object is constructed (the only way GrantedAuthorities can be set on an Authentication object is at object construction time).

    I'm thinking there's got to be some class I can extend and register to execute this behavior, I just don't know what class and what method.

    Thanks.
    You need to wire in a custom UserDetailsService. That will allow you to update authorities with whatever you need.



    • #3
      Thanks for the reply. So would this mean using the user-details-class attribute on the <ldap-authentication-provider> element?

      I'm also seeing the option for a user-context-mapper-ref attribute and after looking at section 19.4.6 in the SS docs and the API, it's not clear because I see that I can set a context mapper on the LdapUserDetailsService, which I assume is the default UserDetailsService used when doing LDAP authentication barring no other wiring. If I'm reading section 19.4.6 correctly, I think the method I want to implement would be UserDetailsContextMapper.mapUserFromContext(DirContextOperations ctx, String username, Collection<GrantedAuthority> authorities).

      Thanks again.



      • #4
        That sounds correct.

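The approach the thread settles on, as an added example that is not code from any of the posters: a UserDetailsContextMapper, registered through the user-context-mapper-ref attribute, that rewrites the LDAP-derived authorities before the user object (and so the Authentication) is built. The class name and the role names are hypothetical, and it assumes Spring Security 3.1 or later, where the authorities parameter is declared as Collection<? extends GrantedAuthority>.

```java
import java.util.Collection;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

/** Hypothetical mapper: rewrites LDAP-derived authorities at authentication time. */
public class RoleRewritingContextMapper implements UserDetailsContextMapper {

    // Constructed allow-list: authority populated from LDAP -> application role.
    private static final Map<String, String> ROLE_MAP = new HashMap<String, String>();
    static {
        ROLE_MAP.put("ROLE_APP_ADMINS", "ROLE_ADMIN");
        ROLE_MAP.put("ROLE_APP_USERS", "ROLE_USER");
    }

    // The stock mapper still builds the LdapUserDetails (DN, password, account flags).
    private final LdapUserDetailsMapper delegate = new LdapUserDetailsMapper();

    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
            Collection<? extends GrantedAuthority> authorities) {
        Set<GrantedAuthority> rewritten = new LinkedHashSet<GrantedAuthority>();
        for (GrantedAuthority granted : authorities) {
            String appRole = ROLE_MAP.get(granted.getAuthority());
            if (appRole != null) {
                // Deny by default: an LDAP group not on the allow-list grants nothing.
                rewritten.add(new SimpleGrantedAuthority(appRole));
            }
        }
        // The returned UserDetails carries only the rewritten authorities.
        return delegate.mapUserFromContext(ctx, username, rewritten);
    }

    @Override
    public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
        // Writing users back to LDAP is outside this example; defer to the stock mapper.
        delegate.mapUserToContext(user, ctx);
    }
}
```

Declare the class as a bean and reference its id from user-context-mapper-ref on the <ldap-authentication-provider> element.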