Package com.avoka.fc.core.security
Class LdapUserDetailsAuthenticationProvider
java.lang.Object
org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
com.avoka.fc.core.security.LdapUserDetailsAuthenticationProvider
- All Implemented Interfaces:
IPortalAware
,IUserQuery
,org.springframework.beans.factory.Aware
,org.springframework.beans.factory.InitializingBean
,org.springframework.context.MessageSourceAware
,org.springframework.security.authentication.AuthenticationProvider
public class LdapUserDetailsAuthenticationProvider
extends org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
implements IUserQuery, IPortalAware
Provides a configurable LDAP Local UserDetails Authentication Provider.
- Since:
- 3.5.0
-
Field Summary
Fields inherited from class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
hideUserNotFoundExceptions, messages
-
Constructor Summary
ConstructorDescriptionCreate an LdapUserDetailsAuthenticationProvider and initialize the default properties. -
Method Summary
Modifier and TypeMethodDescriptionprotected void
additionalAuthenticationChecks
(org.springframework.security.core.userdetails.UserDetails userDetails, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication) This method does nothing.authenticateLdapUser
(String username, String password) Authenticate the given the user name and password against the LDAP server and return the user's LDAP attributes.createUserProfileMap
(Map<String, Object> attributes) Create user profile map from the given LDAP user attributes and defined lapAttributesProfileMapping.boolean
doesUserExist
(String userId) Return true if the user exists with the given authentication provider.Return the attribute containing a user's distinguished name on the LDAP serverReturn the attribute containing a user's email address on the LDAP server, if configured.Return the attribute containing a user's first name on the LDAP server, if configured.Return the attribute containing a user's groups on the LDAP server, if configured.Return the attribute containing a user's last name on the LDAP server, if configured.Return the attribute containing a user's mobile number on the LDAP server, if configuredReturn the LDAP attributes to User Profile mapping.Return the attribute containing the user name on the LDAP server, if configured.Return the search base on the LDAP server where SmartForm Manager user data is stored, if configured.Return the search filter on the LDAP server that is used to locate a user record, if configured.boolean
Return true if the LDAP search scope is subtree or single level if false.Return the password used to access the LDAP server, if configured.Return the URL of the LDAP server, if configured.Return the user name used to access the LDAP server, if configured.Return the LDAP User Distinguished Name (DN) Template for user authentication.getName()
Return the name of the Authentication Provider.loadLdapUserAttributes
(String username, boolean allAttributes) Get the LDAP user attributes for the specified user.protected org.springframework.security.core.userdetails.UserDetails
retrieveUser
(String username, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication) void
setLdapAttributeDistinguishedName
(String distinguishedNameAttribute) Set the attribute containing a user's distinguished name on the LDAP servervoid
setLdapAttributeEmail
(String newEmailAttribute) Set the attribute containing a user's email address on the LDAP server.void
setLdapAttributeFirstName
(String newFirstNameAttribute) Set the attribute containing a user's first name on the LDAP server.void
setLdapAttributeGroups
(String newGroupsAttribute) Set the attribute containing a user's groups on the LDAP server.void
setLdapAttributeLastName
(String newLastNameAttribute) Set the attribute containing a user's last name on the LDAP server.void
setLdapAttributeMobile
(String mobileAttribute) Set the attribute containing a user's mobile number on the LDAP servervoid
setLdapAttributesProfileMapping
(String attributesProfileMapping) Set the LDAP attributes to User Profile mapping.void
setLdapAttributeUserName
(String newUserNameAttribute) Set the attribute containing the user name on the LDAP server, if configuredvoid
setLdapSearchBase
(String newSearchBase) Set the search base on the LDAP server where SmartForm Manager user data is stored.void
setLdapSearchFilter
(String newSearchFilter) Set the search filter on the LDAP server that is used to locate a user record.void
setLdapSearchSubTree
(boolean subTree) Set whether the LDAP search scope is subtree or single level otherwise.void
setLdapServerPassword
(String newPassword) Set the password used to access the LDAP server.void
setLdapServerUrl
(String serverUrl) Set the URL of the LDAP server.void
setLdapServerUser
(String newUser) Set the user name used to access the LDAP server.void
setLdapUserDnTemplate
(String userDnTemplate) Set the LDAP User Distinguished Name (DN) Template for user authentication.void
Set the name of the Authentication Provider.void
Set the object portal.Methods inherited from class org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
afterPropertiesSet, authenticate, createSuccessAuthentication, doAfterPropertiesSet, getPostAuthenticationChecks, getPreAuthenticationChecks, getUserCache, isForcePrincipalAsString, isHideUserNotFoundExceptions, setAuthoritiesMapper, setForcePrincipalAsString, setHideUserNotFoundExceptions, setMessageSource, setPostAuthenticationChecks, setPreAuthenticationChecks, setUserCache, supports
-
Field Details
-
LDAP_SEARCH_BASE_PARAM
The name of the LDAP search base property- See Also:
-
-
Constructor Details
-
LdapUserDetailsAuthenticationProvider
public LdapUserDetailsAuthenticationProvider()Create an LdapUserDetailsAuthenticationProvider and initialize the default properties.
-
-
Method Details
-
authenticateLdapUser
public Map<String,Object> authenticateLdapUser(String username, String password) throws org.springframework.security.authentication.BadCredentialsException, org.springframework.security.authentication.AuthenticationServiceException Authenticate the given the user name and password against the LDAP server and return the user's LDAP attributes.- Parameters:
username
- the user login user namepassword
- the user login password- Returns:
- a map of LDAP user attributes
- Throws:
org.springframework.security.authentication.BadCredentialsException
- if the user could not be authenticatedorg.springframework.security.authentication.AuthenticationServiceException
- if there is an error calling the LDAP server
-
loadLdapUserAttributes
public Map<String,Object> loadLdapUserAttributes(String username, boolean allAttributes) throws org.springframework.security.authentication.BadCredentialsException, org.springframework.security.authentication.AuthenticationServiceException Get the LDAP user attributes for the specified user. This LDAP server call with use the server login user name.- Parameters:
username
- the user login user nameallAttributes
- specify whether to return all the user attributes not just the those configured with the provider- Returns:
- a map of LDAP user attributes, if the user is found or any empty map if the user is not found
- Throws:
org.springframework.security.authentication.BadCredentialsException
- if the LDAP server user could not be authenticatedorg.springframework.security.authentication.AuthenticationServiceException
- if there is an error calling the LDA server
-
createUserProfileMap
Create user profile map from the given LDAP user attributes and defined lapAttributesProfileMapping.- Parameters:
attributes
- the LDAP user attributes- Returns:
- user profile map from the given LDAP user attributes and defined lapAttributesProfileMapping
-
doesUserExist
Return true if the user exists with the given authentication provider.- Specified by:
doesUserExist
in interfaceIUserQuery
- Parameters:
userId
- the unique user identifier (required)- Returns:
- true if the user exists with the given authentication provider
- See Also:
-
setName
Set the name of the Authentication Provider.- Parameters:
name
- the new name of the Authentication Provider
-
getName
Return the name of the Authentication Provider.- Returns:
- name the name of the Authentication Provider
-
setPortal
Set the object portal.- Specified by:
setPortal
in interfaceIPortalAware
- Parameters:
portal
- the portal- See Also:
-
getLdapServerUrl
Return the URL of the LDAP server, if configured.- Returns:
- the LDAP server URL
-
setLdapServerUrl
Set the URL of the LDAP server.- Parameters:
serverUrl
- the LDAP server URL
-
getLdapServerUser
Return the user name used to access the LDAP server, if configured.- Returns:
- the LDAP server user name
-
setLdapServerUser
Set the user name used to access the LDAP server.- Parameters:
newUser
- the LDAP server user name
-
getLdapServerPassword
Return the password used to access the LDAP server, if configured.- Returns:
- the LDAP server password
-
setLdapServerPassword
Set the password used to access the LDAP server.- Parameters:
newPassword
- the LDAP server password
-
getLdapSearchBase
Return the search base on the LDAP server where SmartForm Manager user data is stored, if configured.- Returns:
- the LDAP server search base
-
setLdapSearchBase
Set the search base on the LDAP server where SmartForm Manager user data is stored.- Parameters:
newSearchBase
- the LDAP server search base
-
getLdapSearchFilter
Return the search filter on the LDAP server that is used to locate a user record, if configured.- Returns:
- the LDAP server search filter
-
setLdapSearchFilter
Set the search filter on the LDAP server that is used to locate a user record.- Parameters:
newSearchFilter
- the LDAP server search filter
-
getLdapSearchSubTree
public boolean getLdapSearchSubTree()Return true if the LDAP search scope is subtree or single level if false.- Returns:
- true if the LDAP search scope is subtree or single level if false
-
setLdapSearchSubTree
public void setLdapSearchSubTree(boolean subTree) Set whether the LDAP search scope is subtree or single level otherwise.- Parameters:
subTree
- the LDAP search scope is subtree flat or single level if false
-
getLdapAttributeUserName
Return the attribute containing the user name on the LDAP server, if configured.- Returns:
- the LDAP server user name attribute
-
setLdapAttributeUserName
Set the attribute containing the user name on the LDAP server, if configured- Parameters:
newUserNameAttribute
- the LDAP server user name attribute
-
getLdapAttributeEmail
Return the attribute containing a user's email address on the LDAP server, if configured.- Returns:
- the LDAP server email attribute
-
setLdapAttributeEmail
Set the attribute containing a user's email address on the LDAP server.- Parameters:
newEmailAttribute
- the LDAP server email attribute
-
getLdapAttributeFirstName
Return the attribute containing a user's first name on the LDAP server, if configured.- Returns:
- the LDAP server first name attribute
-
setLdapAttributeFirstName
Set the attribute containing a user's first name on the LDAP server.- Parameters:
newFirstNameAttribute
- the LDAP server first name attribute
-
getLdapAttributeLastName
Return the attribute containing a user's last name on the LDAP server, if configured.- Returns:
- the LDAP server last name attribute
-
setLdapAttributeLastName
Set the attribute containing a user's last name on the LDAP server.- Parameters:
newLastNameAttribute
- the LDAP server last name attribute
-
getLdapAttributeGroups
Return the attribute containing a user's groups on the LDAP server, if configured.- Returns:
- the LDAP server groups attribute
-
setLdapAttributeGroups
Set the attribute containing a user's groups on the LDAP server.- Parameters:
newGroupsAttribute
- the LDAP server groups attribute- See Also:
-
getLdapAttributeMobile
Return the attribute containing a user's mobile number on the LDAP server, if configured- Returns:
- the LDAP user's mobile number attribute
-
setLdapAttributeMobile
Set the attribute containing a user's mobile number on the LDAP server- Parameters:
mobileAttribute
- the LDAP mobile number attribute
-
getLdapAttributeDistinguishedName
Return the attribute containing a user's distinguished name on the LDAP server- Returns:
- the attribute containing a user's distinguished name on the LDAP server
-
setLdapAttributeDistinguishedName
Set the attribute containing a user's distinguished name on the LDAP server- Parameters:
distinguishedNameAttribute
- the distinguished name attribute
-
getLdapAttributesProfileMapping
Return the LDAP attributes to User Profile mapping.- Returns:
- the LDAP attributes to User Profile mapping
-
setLdapAttributesProfileMapping
Set the LDAP attributes to User Profile mapping.- Parameters:
attributesProfileMapping
- the LDAP attributes to User Profile mapping
-
getLdapUserDnTemplate
Return the LDAP User Distinguished Name (DN) Template for user authentication.- Returns:
- the LDAP User Distinguished Name (DN) template for user authentication
-
setLdapUserDnTemplate
Set the LDAP User Distinguished Name (DN) Template for user authentication.- Parameters:
userDnTemplate
- the LDAP User Distinguished Name (DN) template for user authentication
-
retrieveUser
protected org.springframework.security.core.userdetails.UserDetails retrieveUser(String username, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication) throws org.springframework.security.core.AuthenticationException - Specified by:
retrieveUser
in classorg.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- Throws:
org.springframework.security.core.AuthenticationException
- See Also:
-
additionalAuthenticationChecks
protected void additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails, org.springframework.security.authentication.UsernamePasswordAuthenticationToken authentication) throws org.springframework.security.core.AuthenticationException This method does nothing.- Specified by:
additionalAuthenticationChecks
in classorg.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
- Throws:
org.springframework.security.core.AuthenticationException
- See Also:
-