Class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>>
java.lang.Object
org.springframework.security.config.annotation.SecurityConfigurerAdapter<AuthenticationManager,B>
org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer<B>
- Type Parameters:
B- theProviderManagerBuildertype that this is configuring.
- All Implemented Interfaces:
SecurityConfigurer<AuthenticationManager,B>
public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>>
extends SecurityConfigurerAdapter<AuthenticationManager,B>
Configures LDAP
AuthenticationProvider in the ProviderManagerBuilder.- Since:
- 3.2
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionfinal classAllows building aBaseLdapPathContextSourceand optionally creating an embedded LDAP instance.final classSets up Password based comparison -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionauthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) Specifies theGrantedAuthoritiesMapper.voidConfigure theSecurityBuilderby setting the necessary properties on theSecurityBuilder.Allows easily configuring of aBaseLdapPathContextSourcewith defaults pointing to an embedded LDAP server that is created.contextSource(org.springframework.ldap.core.support.BaseLdapPathContextSource contextSource) Specifies theBaseLdapPathContextSourceto be used.protected GrantedAuthoritiesMapperGets theGrantedAuthoritiesMapperand defaults toSimpleAuthorityMapper.groupRoleAttribute(String groupRoleAttribute) Specifies the attribute name which contains the role name.groupSearchBase(String groupSearchBase) The search base for group membership searches.groupSearchFilter(String groupSearchFilter) The LDAP filter to search for groups.groupSearchSubtree(boolean groupSearchSubtree) If set to true, a subtree scope search will be performed for group membership.ldapAuthoritiesPopulator(LdapAuthoritiesPopulator ldapAuthoritiesPopulator) Specifies theLdapAuthoritiesPopulator.passwordEncoder(PasswordEncoder passwordEncoder) Specifies thePasswordEncoderto be used when authenticating with password comparison.rolePrefix(String rolePrefix) A non-empty string prefix that will be added as a prefix to the existing roles.userDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper) Allows explicit customization of the loaded user object by specifying a UserDetailsContextMapper bean which will be called with the context information from the user's directory entry.userDnPatterns(String... userDnPatterns) If your users are at a fixed location in the directory (i.e.userSearchBase(String userSearchBase) Search base for user searches.userSearchFilter(String userSearchFilter) The LDAP filter used to search for users (optional).withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) Deprecated, for removal: This API element is subject to removal in a future version.withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) Adds anObjectPostProcessorfor this class.Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter
addObjectPostProcessor, addObjectPostProcessor, and, getBuilder, init, postProcess, setBuilder
-
Constructor Details
-
LdapAuthenticationProviderConfigurer
public LdapAuthenticationProviderConfigurer()
-
-
Method Details
-
ldapAuthoritiesPopulator
public LdapAuthenticationProviderConfigurer<B> ldapAuthoritiesPopulator(LdapAuthoritiesPopulator ldapAuthoritiesPopulator) Specifies theLdapAuthoritiesPopulator.- Parameters:
ldapAuthoritiesPopulator- theLdapAuthoritiesPopulatorthe default isDefaultLdapAuthoritiesPopulator- Returns:
- the
LdapAuthenticationProviderConfigurerfor further customizations
-
withObjectPostProcessor
public LdapAuthenticationProviderConfigurer<B> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) Adds anObjectPostProcessorfor this class.- Parameters:
objectPostProcessor-- Returns:
- the
LdapAuthenticationProviderConfigurerfor further customizations
-
withObjectPostProcessor
@Deprecated(since="6.4", forRemoval=true) public LdapAuthenticationProviderConfigurer<B> withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) Deprecated, for removal: This API element is subject to removal in a future version. -
authoritiesMapper
public LdapAuthenticationProviderConfigurer<B> authoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) Specifies theGrantedAuthoritiesMapper.- Parameters:
grantedAuthoritiesMapper- theGrantedAuthoritiesMapperthe default isSimpleAuthorityMapper- Returns:
- the
LdapAuthenticationProviderConfigurerfor further customizations - Since:
- 4.1.1
-
getAuthoritiesMapper
Gets theGrantedAuthoritiesMapperand defaults toSimpleAuthorityMapper.- Returns:
- the
GrantedAuthoritiesMapper - Throws:
Exception- if errors inSimpleAuthorityMapper.afterPropertiesSet()
-
contextSource
public LdapAuthenticationProviderConfigurer<B> contextSource(org.springframework.ldap.core.support.BaseLdapPathContextSource contextSource) Specifies theBaseLdapPathContextSourceto be used. If not specified, an embedded LDAP server will be created usingcontextSource().- Parameters:
contextSource- theBaseLdapPathContextSourceto use- Returns:
- the
LdapAuthenticationProviderConfigurerfor further customizations - See Also:
-
contextSource
Allows easily configuring of aBaseLdapPathContextSourcewith defaults pointing to an embedded LDAP server that is created.- Returns:
- the
LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>>.ContextSourceBuilderfor further customizations
-
passwordEncoder
Specifies thePasswordEncoderto be used when authenticating with password comparison.- Parameters:
passwordEncoder- thePasswordEncoderto use- Returns:
- the
LdapAuthenticationProviderConfigurerfor further customization
-
userDnPatterns
If your users are at a fixed location in the directory (i.e. you can work out the DN directly from the username without doing a directory search), you can use this attribute to map directly to the DN. It maps directly to the userDnPatterns property of AbstractLdapAuthenticator. The value is a specific pattern used to build the user's DN, for example "uid={0},ou=people". The key "{0}" must be present and will be substituted with the username.- Parameters:
userDnPatterns- the LDAP patterns for finding the usernames- Returns:
- the
LdapAuthenticationProviderConfigurerfor further customizations
-
userDetailsContextMapper
public LdapAuthenticationProviderConfigurer<B> userDetailsContextMapper(UserDetailsContextMapper userDetailsContextMapper) Allows explicit customization of the loaded user object by specifying a UserDetailsContextMapper bean which will be called with the context information from the user's directory entry.- Parameters:
userDetailsContextMapper- theUserDetailsContextMapperto use- Returns:
- the
LdapAuthenticationProviderConfigurerfor further customizations - See Also:
-
groupRoleAttribute
Specifies the attribute name which contains the role name. Default is "cn".- Parameters:
groupRoleAttribute- the attribute name that maps a group to a role.- Returns:
- the
LdapAuthenticationProviderConfigurerfor further customizations
-
groupSearchBase
The search base for group membership searches. Defaults to "".- Parameters:
groupSearchBase-- Returns:
- the
LdapAuthenticationProviderConfigurerfor further customizations
-
groupSearchSubtree
If set to true, a subtree scope search will be performed for group membership. If false a single-level search is used.- Parameters:
groupSearchSubtree- set to true to enable searching of the entire tree below the groupSearchBase.- Returns:
- the
LdapAuthenticationProviderConfigurerfor further customizations
-
groupSearchFilter
The LDAP filter to search for groups. Defaults to "(uniqueMember={0})". The substituted parameter is the DN of the user.- Parameters:
groupSearchFilter- the LDAP filter to search for groups- Returns:
- the
LdapAuthenticationProviderConfigurerfor further customizations
-
rolePrefix
A non-empty string prefix that will be added as a prefix to the existing roles. The default is "ROLE_".- Parameters:
rolePrefix- the prefix to be added to the roles that are loaded.- Returns:
- the
LdapAuthenticationProviderConfigurerfor further customizations - See Also:
-
userSearchBase
Search base for user searches. Defaults to "". Only used withuserSearchFilter(String).- Parameters:
userSearchBase- search base for user searches- Returns:
- the
LdapAuthenticationProviderConfigurerfor further customizations
-
userSearchFilter
The LDAP filter used to search for users (optional). For example "(uid={0})". The substituted parameter is the user's login name.- Parameters:
userSearchFilter- the LDAP filter used to search for users- Returns:
- the
LdapAuthenticationProviderConfigurerfor further customizations
-
configure
Description copied from interface:SecurityConfigurerConfigure theSecurityBuilderby setting the necessary properties on theSecurityBuilder.- Specified by:
configurein interfaceSecurityConfigurer<AuthenticationManager,B extends ProviderManagerBuilder<B>> - Overrides:
configurein classSecurityConfigurerAdapter<AuthenticationManager,B extends ProviderManagerBuilder<B>> - Throws:
Exception
-
passwordCompare
- Returns:
- the
LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuilder<B>>.PasswordCompareConfigurerfor further customizations
-