tessl/maven-org-springframework-security--spring-security-ldap
Spring Security LDAP module providing comprehensive LDAP authentication and authorization capabilities for enterprise applications
—
Pending
user-details.mddocs/
User Details and Search
User details services and search implementations for retrieving user information from LDAP directories with comprehensive mapping and customization options.
Capabilities
LdapUserDetailsService
Spring Security UserDetailsService implementation that loads user details from LDAP directories.
/**
* UserDetailsService implementation that loads user details from LDAP
*/
public class LdapUserDetailsService implements UserDetailsService {
/**
* Creates an LDAP user details service with the specified user search
* @param userSearch the LDAP user search implementation
*/
public LdapUserDetailsService(LdapUserSearch userSearch);
/**
* Creates an LDAP user details service with user search and authorities populator
* @param userSearch the LDAP user search implementation
* @param authoritiesPopulator populator for retrieving user authorities
*/
public LdapUserDetailsService(LdapUserSearch userSearch, LdapAuthoritiesPopulator authoritiesPopulator);
/**
* Loads user details by username from LDAP
* @param username the username to search for
* @return UserDetails object containing user information and authorities
* @throws UsernameNotFoundException if user is not found
*/
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;
/**
* Sets the user details context mapper for converting LDAP context to UserDetails
* @param mapper the context mapper to use
*/
public void setUserDetailsMapper(UserDetailsContextMapper mapper);
}Usage Examples:
// Basic user details service
FilterBasedLdapUserSearch userSearch =
new FilterBasedLdapUserSearch("ou=people", "uid={0}", contextSource);
LdapUserDetailsService userDetailsService = new LdapUserDetailsService(userSearch);
// With authorities populator
DefaultLdapAuthoritiesPopulator authoritiesPopulator =
new DefaultLdapAuthoritiesPopulator(contextSource, "ou=groups");
LdapUserDetailsService userDetailsService =
new LdapUserDetailsService(userSearch, authoritiesPopulator);
// With custom mapper
userDetailsService.setUserDetailsMapper(new LdapUserDetailsMapper());FilterBasedLdapUserSearch
LDAP user search implementation using configurable LDAP filters to locate users.
/**
* LDAP user search implementation using filter-based searches to locate users in the directory
*/
public class FilterBasedLdapUserSearch implements LdapUserSearch, InitializingBean, MessageSourceAware {
/**
* Creates a filter-based user search
* @param searchBase the base DN to search from
* @param searchFilter the LDAP search filter with {0} placeholder for username
* @param contextSource the LDAP context source
*/
public FilterBasedLdapUserSearch(String searchBase, String searchFilter, ContextSource contextSource);
/**
* Searches for a user in LDAP using the configured filter
* @param username the username to search for
* @return DirContextOperations representing the found user
* @throws UsernameNotFoundException if user is not found
*/
public DirContextOperations searchForUser(String username);
/**
* Sets whether to dereference links during search
* @param deref true to dereference links
*/
public void setDerefLinkFlag(boolean deref);
/**
* Sets whether to search the entire subtree or just one level
* @param searchSubtree true to search subtree
*/
public void setSearchSubtree(boolean searchSubtree);
/**
* Sets the search time limit in milliseconds
* @param searchTimeLimit time limit for searches
*/
public void setSearchTimeLimit(int searchTimeLimit);
/**
* Sets additional search controls
* @param searchControls the search controls to use
*/
public void setSearchControls(SearchControls searchControls);
}LdapUserDetailsImpl
Default implementation of LdapUserDetails providing LDAP-specific user information.
/**
* Default implementation of LdapUserDetails containing LDAP-specific user information and attributes
*/
public class LdapUserDetailsImpl implements LdapUserDetails, CredentialsContainer {
/**
* Gets the user's distinguished name
* @return the DN as a string
*/
public String getDn();
/**
* Gets the user's LDAP attributes
* @return Attributes object containing all user attributes
*/
public Attributes getAttributes();
// UserDetails implementation
/**
* Gets the username used for authentication
* @return the username
*/
public String getUsername();
/**
* Gets the user's password (may be null for security)
* @return the password or null
*/
public String getPassword();
/**
* Gets the user's granted authorities
* @return collection of GrantedAuthority objects
*/
public Collection<? extends GrantedAuthority> getAuthorities();
/**
* Indicates whether the user's account has expired
* @return true if account is non-expired
*/
public boolean isAccountNonExpired();
/**
* Indicates whether the user is locked or unlocked
* @return true if account is non-locked
*/
public boolean isAccountNonLocked();
/**
* Indicates whether the user's credentials have expired
* @return true if credentials are non-expired
*/
public boolean isCredentialsNonExpired();
/**
* Indicates whether the user is enabled or disabled
* @return true if user is enabled
*/
public boolean isEnabled();
/**
* Removes sensitive information (password) from the object
*/
public void eraseCredentials();
}LdapUserDetailsMapper
Default context mapper for converting LDAP context operations to UserDetails objects.
/**
* Default implementation of UserDetailsContextMapper for mapping LDAP contexts to UserDetails
*/
public class LdapUserDetailsMapper implements UserDetailsContextMapper {
/**
* Maps user information from LDAP context to UserDetails
* @param ctx the LDAP directory context operations
* @param username the username
* @param authorities the granted authorities
* @return UserDetails object
*/
public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
Collection<? extends GrantedAuthority> authorities);
/**
* Maps UserDetails back to LDAP context (for updates)
* @param user the UserDetails object
* @param ctx the directory context adapter
*/
public void mapUserToContext(UserDetails user, DirContextAdapter ctx);
/**
* Sets the name of the LDAP password attribute
* @param passwordAttributeName the password attribute name
*/
public void setPasswordAttributeName(String passwordAttributeName);
/**
* Sets the prefix to apply to role names
* @param rolePrefix the role prefix (default: "ROLE_")
*/
public void setRolePrefix(String rolePrefix);
/**
* Sets whether to convert role names to uppercase
* @param convertToUpperCase true to convert to uppercase
*/
public void setConvertToUpperCase(boolean convertToUpperCase);
}LDAP Person Classes
Person
Standard LDAP person object class implementation.
/**
* Represents a person entry in LDAP directory implementing the person object class
*/
public class Person extends DirContextAdapter implements LdapUserDetails, CredentialsContainer {
/**
* Default constructor creating an empty person
*/
public Person();
/**
* Creates a person with specified DN and object class
* @param dn the distinguished name
* @param objectClass the LDAP object class
*/
public Person(String dn, String objectClass);
// Person attributes
/**
* Gets the person's common name (cn)
* @return the common name
*/
public String getCn();
/**
* Sets the person's common name (cn)
* @param cn the common name
*/
public void setCn(String cn);
/**
* Gets the person's surname (sn)
* @return the surname
*/
public String getSn();
/**
* Sets the person's surname (sn)
* @param sn the surname
*/
public void setSn(String sn);
/**
* Gets the person's description
* @return the description
*/
public String getDescription();
/**
* Sets the person's description
* @param description the description
*/
public void setDescription(String description);
/**
* Gets the person's telephone number
* @return the telephone number
*/
public String getTelephoneNumber();
/**
* Sets the person's telephone number
* @param telephoneNumber the telephone number
*/
public void setTelephoneNumber(String telephoneNumber);
// LdapUserDetails and UserDetails implementation methods inherited
}LdapUserDetailsManager
UserDetailsManager implementation that provides CRUD operations for LDAP user entries.
/**
* UserDetailsManager implementation that allows CRUD operations on LDAP user entries
*/
public class LdapUserDetailsManager implements UserDetailsManager {
/**
* Creates an LDAP user details manager
* @param contextSource the LDAP context source
*/
public LdapUserDetailsManager(ContextSource contextSource);
/**
* Creates a new user in the LDAP directory
* @param user the UserDetails object containing user information
*/
public void createUser(UserDetails user);
/**
* Updates an existing user in the LDAP directory
* @param user the UserDetails object with updated information
*/
public void updateUser(UserDetails user);
/**
* Deletes a user from the LDAP directory
* @param username the username of the user to delete
*/
public void deleteUser(String username);
/**
* Changes the password for a user
* @param oldPassword the current password
* @param newPassword the new password
*/
public void changePassword(String oldPassword, String newPassword);
/**
* Checks if a user exists in the LDAP directory
* @param username the username to check
* @return true if the user exists
*/
public boolean userExists(String username);
/**
* Loads a user by username
* @param username the username
* @return UserDetails object
* @throws UsernameNotFoundException if user not found
*/
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;
/**
* Sets the password encoder for password operations
* @param passwordEncoder the password encoder
*/
public void setPasswordEncoder(PasswordEncoder passwordEncoder);
/**
* Sets the user DN patterns for user entry creation
* @param userDnPatterns array of DN patterns
*/
public void setUserDnPatterns(String[] userDnPatterns);
}PersonContextMapper and InetOrgPersonContextMapper
Context mappers for Person and InetOrgPerson objects.
/**
* Context mapper for Person objects
*/
public class PersonContextMapper implements UserDetailsContextMapper {
/**
* Maps LDAP context to Person object
* @param ctx the directory context operations
* @param username the username
* @param authorities the granted authorities
* @return Person object with mapped attributes
*/
public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
Collection<? extends GrantedAuthority> authorities);
/**
* Maps Person object back to LDAP context
* @param user the Person object
* @param ctx the directory context adapter
*/
public void mapUserToContext(UserDetails user, DirContextAdapter ctx);
}
/**
* Context mapper for InetOrgPerson objects
*/
public class InetOrgPersonContextMapper implements UserDetailsContextMapper {
/**
* Maps LDAP context to InetOrgPerson object
* @param ctx the directory context operations
* @param username the username
* @param authorities the granted authorities
* @return InetOrgPerson object with mapped attributes
*/
public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
Collection<? extends GrantedAuthority> authorities);
/**
* Maps InetOrgPerson object back to LDAP context
* @param user the InetOrgPerson object
* @param ctx the directory context adapter
*/
public void mapUserToContext(UserDetails user, DirContextAdapter ctx);
}LdapAuthority
LDAP-specific authority implementation that includes distinguished name information.
/**
* LDAP-specific GrantedAuthority implementation that stores the authority name and DN
*/
public class LdapAuthority implements GrantedAuthority {
/**
* Creates an LDAP authority with role and DN
* @param role the role name
* @param dn the distinguished name of the authority source
*/
public LdapAuthority(String role, String dn);
/**
* Gets the authority name
* @return the authority string
*/
public String getAuthority();
/**
* Gets the distinguished name of the authority source
* @return the DN string
*/
public String getDn();
/**
* Gets the first attribute value from the DN
* @return the first attribute value
*/
public String getFirstAttributeValue();
}InetOrgPerson
Extended person class implementing the inetOrgPerson object class with additional attributes.
/**
* Represents an inetOrgPerson entry in LDAP directory with extended organizational attributes
*/
public class InetOrgPerson extends Person {
/**
* Default constructor creating an empty inetOrgPerson
*/
public InetOrgPerson();
// Extended organizational attributes
/**
* Gets the person's email address (mail)
* @return the email address
*/
public String getMail();
/**
* Sets the person's email address (mail)
* @param mail the email address
*/
public void setMail(String mail);
/**
* Gets the person's employee number
* @return the employee number
*/
public String getEmployeeNumber();
/**
* Sets the person's employee number
* @param employeeNumber the employee number
*/
public void setEmployeeNumber(String employeeNumber);
/**
* Gets the person's display name
* @return the display name
*/
public String getDisplayName();
/**
* Sets the person's display name
* @param displayName the display name
*/
public void setDisplayName(String displayName);
/**
* Gets the person's department number
* @return the department number
*/
public String getDepartmentNumber();
/**
* Sets the person's department number
* @param departmentNumber the department number
*/
public void setDepartmentNumber(String departmentNumber);
/**
* Gets the person's car license
* @return the car license
*/
public String getCarLicense();
/**
* Sets the person's car license
* @param carLicense the car license
*/
public void setCarLicense(String carLicense);
/**
* Gets the person's home phone number
* @return the home phone number
*/
public String getHomePhone();
/**
* Sets the person's home phone number
* @param homePhone the home phone number
*/
public void setHomePhone(String homePhone);
}Search Interfaces
LdapUserSearch
Strategy interface for LDAP user search implementations.
/**
* Strategy interface for locating users in LDAP directories
*/
public interface LdapUserSearch {
/**
* Searches for a user in the LDAP directory
* @param username the username to search for
* @return DirContextOperations representing the found user
* @throws UsernameNotFoundException if the user cannot be found
*/
DirContextOperations searchForUser(String username);
}UserDetailsContextMapper
Strategy interface for mapping between LDAP contexts and UserDetails objects.
/**
* Strategy interface for mapping between LDAP directory contexts and Spring Security UserDetails
*/
public interface UserDetailsContextMapper {
/**
* Maps user information from LDAP context to UserDetails object
* @param ctx the LDAP directory context operations containing user data
* @param username the username being mapped
* @param authorities the collection of granted authorities for the user
* @return UserDetails object containing mapped user information
*/
UserDetails mapUserFromContext(DirContextOperations ctx, String username,
Collection<? extends GrantedAuthority> authorities);
/**
* Maps UserDetails information back to LDAP context for directory updates
* @param user the UserDetails object to map
* @param ctx the directory context adapter to populate
*/
void mapUserToContext(UserDetails user, DirContextAdapter ctx);
}Configuration Examples
Complete User Details Service Setup
@Configuration
public class LdapUserDetailsConfig {
@Bean
public LdapUserSearch userSearch() {
FilterBasedLdapUserSearch search = new FilterBasedLdapUserSearch(
"ou=people", "uid={0}", contextSource());
search.setSearchSubtree(true);
search.setDerefLinkFlag(false);
return search;
}
@Bean
public LdapUserDetailsService userDetailsService() {
LdapUserDetailsService service = new LdapUserDetailsService(userSearch());
// Custom mapper for additional attributes
LdapUserDetailsMapper mapper = new LdapUserDetailsMapper();
mapper.setPasswordAttributeName("userPassword");
mapper.setRolePrefix("ROLE_");
service.setUserDetailsMapper(mapper);
return service;
}
}Custom UserDetailsContextMapper
@Component
public class CustomLdapUserDetailsMapper implements UserDetailsContextMapper {
@Override
public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
Collection<? extends GrantedAuthority> authorities) {
// Create InetOrgPerson with additional attributes
InetOrgPerson person = new InetOrgPerson();
person.setDn(ctx.getDn().toString());
person.setCn(ctx.getStringAttribute("cn"));
person.setSn(ctx.getStringAttribute("sn"));
person.setMail(ctx.getStringAttribute("mail"));
person.setEmployeeNumber(ctx.getStringAttribute("employeeNumber"));
// Set Spring Security attributes
person.setUsername(username);
person.setAuthorities(authorities);
person.setEnabled(true);
person.setAccountNonExpired(true);
person.setAccountNonLocked(true);
person.setCredentialsNonExpired(true);
return person;
}
@Override
public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
if (user instanceof InetOrgPerson) {
InetOrgPerson person = (InetOrgPerson) user;
ctx.setAttributeValue("cn", person.getCn());
ctx.setAttributeValue("sn", person.getSn());
ctx.setAttributeValue("mail", person.getMail());
}
}
}Install with Tessl CLI
npx tessl i tessl/maven-org-springframework-security--spring-security-ldap