Java tutorial
/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package no.dusken.common.plugin.ldapplugin.auth; import org.springframework.ldap.core.ContextSource; import org.springframework.ldap.core.DirContextOperations; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.GrantedAuthorityImpl; import org.springframework.security.ldap.SpringSecurityLdapTemplate; import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator; import java.util.HashSet; import java.util.Set; /** * To get roles out of the dusken ldap mess */ public class DuskenLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator { /** * Constructor for group search scenarios. <tt>userRoleAttributes</tt> may still be * set as a property. * * @param contextSource supplies the contexts used to search for user roles. * @param groupSearchBase if this is an empty string the search will be performed from the root DN of the * context factory. */ public DuskenLdapAuthoritiesPopulator(ContextSource contextSource, String groupSearchBase) { super(contextSource, groupSearchBase); } /** * This method should be overridden if required to obtain any additional * roles for the given user (on top of those obtained from the standard * search implemented by this class). * * @param user the context representing the user who's roles are required * @param username the username representing the user who's roles are required * @return the extra roles which will be merged with those returned by the group search */ @Override protected Set<GrantedAuthority> getAdditionalRoles(DirContextOperations user, String username) { // this is like "employeeNumber: 396" String employeeNumberString = user.getStringAttribute("employeeNumber"); // get the last number employeeNumberString = employeeNumberString.replaceFirst("employeeNumber: ", ""); Long employeeNumber = Long.parseLong(employeeNumberString); // I need this: SpringSecurityLdapTemplate ldapTemplate = new SpringSecurityLdapTemplate(getContextSource()); String groupSearchFilter = "memberID=" + employeeNumber; //noinspection unchecked Set<String> userRoles = ldapTemplate.searchForSingleAttributeValues(getGroupSearchBase(), groupSearchFilter, new String[] { user.getDn().toString(), username }, "roleName"); Set<GrantedAuthority> set = new HashSet<GrantedAuthority>(); for (String role : userRoles) { set.add(new GrantedAuthorityImpl("ROLE_" + role.toUpperCase().replaceAll(" ", "_"))); } return set; } }