| java.lang.Object | |
| ↳ | org.springframework.security.ldap.userdetails.LdapUserDetailsManager |
Class Overview
An Ldap implementation of UserDetailsManager.
It is designed around a standard setup where users and groups/roles are stored under separate contexts, defined by the "userDnBase" and "groupSearchBase" properties respectively.
In this case, LDAP is being used purely to retrieve information and this class can be used in place of any other UserDetailsService for authentication. Authentication isn't performed directly against the directory, unlike with the LDAP authentication provider setup.
Summary
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Changes the password for the current user.
| |||||||||||
Create a new user with the supplied details.
| |||||||||||
Remove the user with the given login name from the system.
| |||||||||||
Locates the user based on the username.
| |||||||||||
Sets the name of the multi-valued attribute which holds the DNs of users who are members of a group.
| |||||||||||
Update the specified user.
| |||||||||||
Check if a user with the supplied login name exists in the system.
| |||||||||||
| Protected Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Creates a DN from a group name.
| |||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.lang.Object
| |||||||||||
|
From interface
org.springframework.security.core.userdetails.UserDetailsService
| |||||||||||
|
From interface
org.springframework.security.provisioning.UserDetailsManager
| |||||||||||
Public Constructors
public LdapUserDetailsManager (ContextSource contextSource)
Public Methods
public void changePassword (String oldPassword, String newPassword)
Changes the password for the current user. The username is obtained from the security context.
If the old password is supplied, the update will be made by rebinding as the user, thus modifying the password
using the user's permissions. If oldPassword is null, the update will be attempted using a
standard read/write context supplied by the context source.
Parameters
| oldPassword | the old password |
|---|---|
| newPassword | the new value of the password. |
public UserDetails loadUserByUsername (String username)
Locates the user based on the username. In the actual implementation, the search may possibly be case
insensitive, or case insensitive depending on how the implementation instance is configured. In this case, the
UserDetails object that comes back may have a username that is of a different case than what was
actually requested..
Parameters
| username | the username identifying the user whose data is required. |
|---|
Returns
- a fully populated user record (never
null)
public void setGroupMemberAttributeName (String groupMemberAttributeName)
Sets the name of the multi-valued attribute which holds the DNs of users who are members of a group.
Usually this will be uniquemember (the default value) or member.
Parameters
| groupMemberAttributeName | the name of the attribute used to store group members. |
|---|
public void setRoleMapper (AttributesMapper roleMapper)
public boolean userExists (String username)
Check if a user with the supplied login name exists in the system.
Protected Methods
protected void addAuthorities (DistinguishedName userDn, Collection<? extends GrantedAuthority> authorities)
protected DistinguishedName buildGroupDn (String group)
Creates a DN from a group name.
Parameters
| group | the name of the group |
|---|
Returns
- the DN of the corresponding group, including the groupSearchBase