Class LdapUserDetailsAuthenticationProvider

  • All Implemented Interfaces:
    IPortalAware, IUserQuery, org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware, org.springframework.security.authentication.AuthenticationProvider

    public class LdapUserDetailsAuthenticationProvider
    extends org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    implements IUserQuery, IPortalAware
    Provides a configurable LDAP Local UserDetails Authentication Provider.
    Since:
    3.5.0
    • Field Detail

      • LDAP_SEARCH_BASE_PARAM

        public static final String LDAP_SEARCH_BASE_PARAM
        The name of the LDAP search base property
        See Also:
        Constant Field Values
    • Constructor Detail

      • LdapUserDetailsAuthenticationProvider

        public LdapUserDetailsAuthenticationProvider()
        Create an LdapUserDetailsAuthenticationProvider and initialize the default properties.
    • Method Detail

      • authenticateLdapUser

        public Map<String,​Object> authenticateLdapUser​(String username,
                                                             String password)
                                                      throws org.springframework.security.authentication.BadCredentialsException,
                                                             org.springframework.security.authentication.AuthenticationServiceException
        Authenticate the given user name and password against the LDAP server and return the user's LDAP attributes.
        Parameters:
        username - the user login user name
        password - the user login password
        Returns:
        a map of LDAP user attributes
        Throws:
        org.springframework.security.authentication.BadCredentialsException - if the user could not be authenticated
        org.springframework.security.authentication.AuthenticationServiceException - if there is an error calling the LDAP server
      • loadLdapUserAttributes

        public Map<String,​Object> loadLdapUserAttributes​(String username,
                                                               boolean allAttributes)
                                                        throws org.springframework.security.authentication.BadCredentialsException,
                                                               org.springframework.security.authentication.AuthenticationServiceException
        Get the LDAP user attributes for the specified user. This LDAP server call will use the server login user name.
        Parameters:
        username - the user login user name
        allAttributes - specify whether to return all the user attributes, not just those configured with the provider
        Returns:
        a map of LDAP user attributes if the user is found, or an empty map if the user is not found
        Throws:
        org.springframework.security.authentication.BadCredentialsException - if the LDAP server user could not be authenticated
        org.springframework.security.authentication.AuthenticationServiceException - if there is an error calling the LDAP server
      • createUserProfileMap

        public Map<String,​String> createUserProfileMap​(Map<String,​Object> attributes)
        Create a user profile map from the given LDAP user attributes and the defined ldapAttributesProfileMapping.
        Parameters:
        attributes - the LDAP user attributes
        Returns:
        a user profile map from the given LDAP user attributes and the defined ldapAttributesProfileMapping
      • doesUserExist

        public boolean doesUserExist​(String userId)
        Return true if the user exists with the given authentication provider.
        Specified by:
        doesUserExist in interface IUserQuery
        Parameters:
        userId - the unique user identifier (required)
        Returns:
        true if the user exists with the given authentication provider
        See Also:
        IUserQuery.doesUserExist(String)
      • setName

        public void setName​(String name)
        Set the name of the Authentication Provider.
        Parameters:
        name - the new name of the Authentication Provider
      • getName

        public String getName()
        Return the name of the Authentication Provider.
        Returns:
        the name of the Authentication Provider
      • getLdapServerUrl

        public String getLdapServerUrl()
        Return the URL of the LDAP server, if configured.
        Returns:
        the LDAP server URL
      • setLdapServerUrl

        public void setLdapServerUrl​(String serverUrl)
        Set the URL of the LDAP server.
        Parameters:
        serverUrl - the LDAP server URL
      • getLdapServerUser

        public String getLdapServerUser()
        Return the user name used to access the LDAP server, if configured.
        Returns:
        the LDAP server user name
      • setLdapServerUser

        public void setLdapServerUser​(String newUser)
        Set the user name used to access the LDAP server.
        Parameters:
        newUser - the LDAP server user name
      • getLdapServerPassword

        public String getLdapServerPassword()
        Return the password used to access the LDAP server, if configured.
        Returns:
        the LDAP server password
      • setLdapServerPassword

        public void setLdapServerPassword​(String newPassword)
        Set the password used to access the LDAP server.
        Parameters:
        newPassword - the LDAP server password
      • getLdapSearchBase

        public String getLdapSearchBase()
        Return the search base on the LDAP server where SmartForm Manager user data is stored, if configured.
        Returns:
        the LDAP server search base
      • setLdapSearchBase

        public void setLdapSearchBase​(String newSearchBase)
        Set the search base on the LDAP server where SmartForm Manager user data is stored.
        Parameters:
        newSearchBase - the LDAP server search base
      • getLdapSearchFilter

        public String getLdapSearchFilter()
        Return the search filter on the LDAP server that is used to locate a user record, if configured.
        Returns:
        the LDAP server search filter
      • setLdapSearchFilter

        public void setLdapSearchFilter​(String newSearchFilter)
        Set the search filter on the LDAP server that is used to locate a user record.
        Parameters:
        newSearchFilter - the LDAP server search filter
      • getLdapSearchSubTree

        public boolean getLdapSearchSubTree()
        Return true if the LDAP search scope is subtree, or false if it is single level.
        Returns:
        true if the LDAP search scope is subtree, or false if it is single level
      • setLdapSearchSubTree

        public void setLdapSearchSubTree​(boolean subTree)
        Set whether the LDAP search scope is subtree (true) or single level (false).
        Parameters:
        subTree - true if the LDAP search scope is subtree, or false if it is single level
      • getLdapAttributeUserName

        public String getLdapAttributeUserName()
        Return the attribute containing the user name on the LDAP server, if configured.
        Returns:
        the LDAP server user name attribute
      • setLdapAttributeUserName

        public void setLdapAttributeUserName​(String newUserNameAttribute)
        Set the attribute containing the user name on the LDAP server.
        Parameters:
        newUserNameAttribute - the LDAP server user name attribute
      • getLdapAttributeEmail

        public String getLdapAttributeEmail()
        Return the attribute containing a user's email address on the LDAP server, if configured.
        Returns:
        the LDAP server email attribute
      • setLdapAttributeEmail

        public void setLdapAttributeEmail​(String newEmailAttribute)
        Set the attribute containing a user's email address on the LDAP server.
        Parameters:
        newEmailAttribute - the LDAP server email attribute
      • getLdapAttributeFirstName

        public String getLdapAttributeFirstName()
        Return the attribute containing a user's first name on the LDAP server, if configured.
        Returns:
        the LDAP server first name attribute
      • setLdapAttributeFirstName

        public void setLdapAttributeFirstName​(String newFirstNameAttribute)
        Set the attribute containing a user's first name on the LDAP server.
        Parameters:
        newFirstNameAttribute - the LDAP server first name attribute
      • getLdapAttributeLastName

        public String getLdapAttributeLastName()
        Return the attribute containing a user's last name on the LDAP server, if configured.
        Returns:
        the LDAP server last name attribute
      • setLdapAttributeLastName

        public void setLdapAttributeLastName​(String newLastNameAttribute)
        Set the attribute containing a user's last name on the LDAP server.
        Parameters:
        newLastNameAttribute - the LDAP server last name attribute
      • getLdapAttributeGroups

        public String getLdapAttributeGroups()
        Return the attribute containing a user's groups on the LDAP server, if configured.
        Returns:
        the LDAP server groups attribute
      • setLdapAttributeGroups

        public void setLdapAttributeGroups​(String newGroupsAttribute)
        Set the attribute containing a user's groups on the LDAP server.
        Parameters:
        newGroupsAttribute - the LDAP server groups attribute
        See Also:
        SecurityService#setLdapAttributeGroups(String)
      • getLdapAttributeMobile

        public String getLdapAttributeMobile()
        Return the attribute containing a user's mobile number on the LDAP server, if configured.
        Returns:
        the LDAP user's mobile number attribute
      • setLdapAttributeMobile

        public void setLdapAttributeMobile​(String mobileAttribute)
        Set the attribute containing a user's mobile number on the LDAP server.
        Parameters:
        mobileAttribute - the LDAP mobile number attribute
      • getLdapAttributeDistinguishedName

        public String getLdapAttributeDistinguishedName()
        Return the attribute containing a user's distinguished name on the LDAP server.
        Returns:
        the attribute containing a user's distinguished name on the LDAP server
      • setLdapAttributeDistinguishedName

        public void setLdapAttributeDistinguishedName​(String distinguishedNameAttribute)
        Set the attribute containing a user's distinguished name on the LDAP server.
        Parameters:
        distinguishedNameAttribute - the distinguished name attribute
      • getLdapAttributesProfileMapping

        public String getLdapAttributesProfileMapping()
        Return the LDAP attributes to User Profile mapping.
        Returns:
        the LDAP attributes to User Profile mapping
      • setLdapAttributesProfileMapping

        public void setLdapAttributesProfileMapping​(String attributesProfileMapping)
        Set the LDAP attributes to User Profile mapping.
        Parameters:
        attributesProfileMapping - the LDAP attributes to User Profile mapping
      • getLdapUserDnTemplate

        public String getLdapUserDnTemplate()
        Return the LDAP User Distinguished Name (DN) Template for user authentication.
        Returns:
        the LDAP User Distinguished Name (DN) template for user authentication
      • setLdapUserDnTemplate

        public void setLdapUserDnTemplate​(String userDnTemplate)
        Set the LDAP User Distinguished Name (DN) Template for user authentication.
        Parameters:
        userDnTemplate - the LDAP User Distinguished Name (DN) template for user authentication
      • retrieveUser

        protected org.springframework.security.core.userdetails.UserDetails retrieveUser​(String username,
                                                                                         org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication)
                                                                                  throws org.springframework.security.core.AuthenticationException
        Specified by:
        retrieveUser in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
        Throws:
        org.springframework.security.core.AuthenticationException
        See Also:
        AbstractUserDetailsAuthenticationProvider.retrieveUser(String, UsernamePasswordAuthenticationToken)
      • additionalAuthenticationChecks

        protected void additionalAuthenticationChecks​(org.springframework.security.core.userdetails.UserDetails userDetails,
                                                      org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication)
                                               throws org.springframework.security.core.AuthenticationException
        This method does nothing.
        Specified by:
        additionalAuthenticationChecks in class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
        Throws:
        org.springframework.security.core.AuthenticationException
        See Also:
        AbstractUserDetailsAuthenticationProvider#additionalAuthenticationChecks(String, UsernamePasswordAuthenticationToken)