org.jasig.cas.userdetails

Class LdapUserDetailsService

java.lang.Object

org.jasig.cas.userdetails.LdapUserDetailsService

All Implemented Interfaces:

org.springframework.security.core.userdetails.UserDetailsService

public class LdapUserDetailsService
extends Object
implements org.springframework.security.core.userdetails.UserDetailsService

Provides a simple UserDetailsService implementation that obtains user details from an LDAP search. Two searches are performed by this component for every user details lookup:

1. Search for an entry to resolve the username. In most cases the search should return exactly one result, but the setAllowMultipleResults(boolean) property may be toggled to change that behavior.
2. Search for groups of which the user is a member. This search commonly occurs on a separate directory branch than that of the user search.

Since:

4.0

Author:

Marvin S. Addison, Misagh Moayyed

Field Summary

Fields

Modifier and Type	Field and Description
static String	DEFAULT_ROLE_PREFIX Default role prefix.
static String	UNKNOWN_PASSWORD Placeholder for unknown password given to user details.

Constructor Summary

Constructors

Constructor and Description
LdapUserDetailsService(org.ldaptive.ConnectionFactory factory, org.ldaptive.SearchExecutor userSearchExecutor, org.ldaptive.SearchExecutor roleSearchExecutor, String userAttributeName, String roleAttributeName) Creates a new instance with the given required parameters.

Method Summary

Methods

Modifier and Type	Method and Description
org.springframework.security.core.userdetails.UserDetails	loadUserByUsername(String username)
void	setAllowMultipleResults(boolean allowMultiple) Sets whether to allow multiple search results for user details given a username.
void	setRolePrefix(String rolePrefix) Sets the prefix appended to the uppercase roleAttributeName per the normal Spring Security convention.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_ROLE_PREFIX

public static final String DEFAULT_ROLE_PREFIX

Default role prefix.

See Also:

Constant Field Values

UNKNOWN_PASSWORD

public static final String UNKNOWN_PASSWORD

Placeholder for unknown password given to user details.

See Also:

Constant Field Values

Constructor Detail

LdapUserDetailsService

public LdapUserDetailsService(org.ldaptive.ConnectionFactory factory,
                      org.ldaptive.SearchExecutor userSearchExecutor,
                      org.ldaptive.SearchExecutor roleSearchExecutor,
                      String userAttributeName,
                      String roleAttributeName)

Creates a new instance with the given required parameters.

Parameters:

factory - Source of LDAP connections for searches.

userSearchExecutor - Executes the LDAP search for user data.

roleSearchExecutor - Executes the LDAP search for role data.

userAttributeName - Name of LDAP attribute that contains username for user details.

roleAttributeName - Name of LDAP attribute that contains role membership data for the user.

Method Detail

setRolePrefix

public void setRolePrefix(String rolePrefix)

Sets the prefix appended to the uppercase roleAttributeName per the normal Spring Security convention. The default value "ROLE_" is sufficient in most cases.

Parameters:

rolePrefix - Role prefix.

setAllowMultipleResults

public void setAllowMultipleResults(boolean allowMultiple)

Sets whether to allow multiple search results for user details given a username. This is false by default, which is sufficient and secure for more deployments. Setting this to true may have security consequences.

Parameters:

allowMultiple - True to allow multiple search results in which case the first result returned is used to construct user details, or false to indicate that a runtime exception should be raised on multiple search results for user details.

loadUserByUsername

public org.springframework.security.core.userdetails.UserDetails loadUserByUsername(String username)

Specified by:

loadUserByUsername in interface org.springframework.security.core.userdetails.UserDetailsService