19 سال پیش · 488abe58fb
--- a/core/src/main/java/org/acegisecurity/ldap/DefaultInitialDirContextFactory.java
+++ b/core/src/main/java/org/acegisecurity/ldap/DefaultInitialDirContextFactory.java
@@ -106,11 +106,33 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory
 
				 
			
 
				     //~ Constructors ===================================================================================================
			
 
				 
			
 
				+    /**
			
 
				+     * Create an uninitialized object. You must call {@link #setProviderUrl(String)} after instantiation.
			
 
				+     */
			
 
				+    public DefaultInitialDirContextFactory() {
			
 
				+    }
			
 
				+
			
 
				+    /**
			
 
				+     * Create and initialize an instance to the LDAP url provided
			
 
				+     * 
			
 
				+     * @param providerUrl a String of the form <code>ldap://localhost:389/base_dn<code>
			
 
				+     */
			
 
				     public DefaultInitialDirContextFactory(String providerUrl) {
			
 
				-        this.providerUrl = providerUrl;
			
 
				+        this.setProviderUrl(providerUrl);
			
 
				+    }
			
 
				+
			
 
				+    //~ Methods ========================================================================================================
			
 
				 
			
 
				+    /**
			
 
				+     * Set the LDAP url
			
 
				+     * 
			
 
				+     * @param providerUrl a String of the form <code>ldap://localhost:389/base_dn<code>
			
 
				+     */
			
 
				+    public void setProviderUrl(String providerUrl) {
			
 
				         Assert.hasLength(providerUrl, "An LDAP connection URL must be supplied.");
			
 
				 
			
 
				+        this.providerUrl = providerUrl;
			
 
				+
			
 
				         StringTokenizer st = new StringTokenizer(providerUrl);
			
 
				 
			
 
				         // Work out rootDn from the first URL and check that the other URLs (if any) match
			
@@ -131,7 +153,14 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory
 
				         //Assert.isTrue(uri.getScheme().equals("ldap"), "Ldap URL must start with 'ldap://'");
			
 
				     }
			
 
				 
			
 
				-    //~ Methods ========================================================================================================
			
 
				+    /**
			
 
				+     * Get the LDAP url
			
 
				+     * 
			
 
				+     * @return the url
			
 
				+     */
			
 
				+    public String getProviderUrl() {
			
 
				+        return providerUrl;
			
 
				+    }
			
 
				 
			
 
				     private InitialDirContext connect(Hashtable env) {
			
 
				         if (logger.isDebugEnabled()) {
			
@@ -169,7 +198,7 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory
 
				 
			
 
				         env.put(Context.SECURITY_AUTHENTICATION, authenticationType);
			
 
				         env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
			
 
				-        env.put(Context.PROVIDER_URL, providerUrl);
			
 
				+        env.put(Context.PROVIDER_URL, getProviderUrl());
			
 
				 
			
 
				         if (useConnectionPool) {
			
 
				             env.put(CONNECTION_POOL_KEY, "true");
			
--- a/core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java
+++ b/core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java
@@ -123,15 +123,43 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
 
				 
			
 
				     //~ Constructors ===================================================================================================
			
 
				 
			
 
				+    /**
			
 
				+     * Create an uninitialized instance. You must call {@link #setAuthenticator(LdapAuthenticator)} and
			
 
				+     * {@link #setAuthoritiesPopulator(LdapAuthoritiesPopulator)} before using.
			
 
				+     */
			
 
				+    public LdapAuthenticationProvider() {
			
 
				+    }
			
 
				+
			
 
				+    /**
			
 
				+     * Create an initialized instance to the values passed as arguments
			
 
				+     * 
			
 
				+     * @param authenticator
			
 
				+     * @param authoritiesPopulator
			
 
				+     */
			
 
				     public LdapAuthenticationProvider(LdapAuthenticator authenticator, LdapAuthoritiesPopulator authoritiesPopulator) {
			
 
				-        Assert.notNull(authenticator, "An LdapAuthenticator must be supplied");
			
 
				-        Assert.notNull(authoritiesPopulator, "An LdapAuthoritiesPopulator must be supplied");
			
 
				+        this.setAuthenticator(authenticator);
			
 
				+        this.setAuthoritiesPopulator(authoritiesPopulator);
			
 
				+    }
			
 
				+
			
 
				+    //~ Methods ========================================================================================================
			
 
				 
			
 
				+    public void setAuthenticator(LdapAuthenticator authenticator) {
			
 
				+        Assert.notNull(authenticator, "An LdapAuthenticator must be supplied");
			
 
				         this.authenticator = authenticator;
			
 
				+    }
			
 
				+
			
 
				+    public LdapAuthenticator getAuthenticator() {
			
 
				+        return authenticator;
			
 
				+    }
			
 
				+
			
 
				+    public void setAuthoritiesPopulator(LdapAuthoritiesPopulator authoritiesPopulator) {
			
 
				+        Assert.notNull(authoritiesPopulator, "An LdapAuthoritiesPopulator must be supplied");
			
 
				         this.authoritiesPopulator = authoritiesPopulator;
			
 
				     }
			
 
				 
			
 
				-    //~ Methods ========================================================================================================
			
 
				+    public LdapAuthoritiesPopulator getAuthoritiesPopulator() {
			
 
				+        return authoritiesPopulator;
			
 
				+    }
			
 
				 
			
 
				     protected void additionalAuthenticationChecks(UserDetails userDetails,
			
 
				                                                   UsernamePasswordAuthenticationToken authentication)
			
@@ -161,7 +189,7 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
 
				         user.setUsername(username);
			
 
				         user.setPassword(password);
			
 
				 
			
 
				-        GrantedAuthority[] extraAuthorities = authoritiesPopulator.getGrantedAuthorities(ldapUser);
			
 
				+        GrantedAuthority[] extraAuthorities = getAuthoritiesPopulator().getGrantedAuthorities(ldapUser);
			
 
				 
			
 
				         for (int i = 0; i < extraAuthorities.length; i++) {
			
 
				             user.addAuthority(extraAuthorities[i]);
			
@@ -171,7 +199,7 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
 
				     }
			
 
				 
			
 
				     protected LdapAuthoritiesPopulator getAuthoritiesPoulator() {
			
 
				-        return authoritiesPopulator;
			
 
				+        return getAuthoritiesPopulator();
			
 
				     }
			
 
				 
			
 
				     protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication)
			
@@ -195,7 +223,7 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
 
				         }
			
 
				 
			
 
				         try {
			
 
				-            LdapUserDetails ldapUser = authenticator.authenticate(username, password);
			
 
				+            LdapUserDetails ldapUser = getAuthenticator().authenticate(username, password);
			
 
				 
			
 
				             return createUserDetails(ldapUser, username, password);
			
 
				 
			
--- a/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/AbstractLdapAuthenticator.java
+++ b/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/AbstractLdapAuthenticator.java
@@ -70,7 +70,36 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In
 
				 
			
 
				     //~ Constructors ===================================================================================================
			
 
				 
			
 
				-    protected AbstractLdapAuthenticator(InitialDirContextFactory initialDirContextFactory) {
			
 
				+    /**
			
 
				+     * Create an uninitialized instance. You must call {@link #setInitialDirContextFactory(InitialDirContextFactory)}
			
 
				+     * before using it.
			
 
				+     */
			
 
				+    public AbstractLdapAuthenticator() {
			
 
				+    }
			
 
				+
			
 
				+    /**
			
 
				+     * Create an initialized instance to the {@link InitialDirContextFactory} provided.
			
 
				+     * 
			
 
				+     * @param initialDirContextFactory
			
 
				+     */
			
 
				+    public AbstractLdapAuthenticator(InitialDirContextFactory initialDirContextFactory) {
			
 
				+        this.setInitialDirContextFactory(initialDirContextFactory);
			
 
				+    }
			
 
				+
			
 
				+    // ~ Methods
			
 
				+    // ========================================================================================================
			
 
				+
			
 
				+    public void afterPropertiesSet() throws Exception {
			
 
				+        Assert.isTrue((userDnFormat != null) || (userSearch != null),
			
 
				+                "Either an LdapUserSearch or DN pattern (or both) must be supplied.");
			
 
				+    }
			
 
				+
			
 
				+    /**
			
 
				+     * Set the {@link InitialDirContextFactory} and initialize this instance from its data.
			
 
				+     * 
			
 
				+     * @param initialDirContextFactory
			
 
				+     */
			
 
				+    public void setInitialDirContextFactory(InitialDirContextFactory initialDirContextFactory) {
			
 
				         Assert.notNull(initialDirContextFactory, "initialDirContextFactory must not be null.");
			
 
				         this.initialDirContextFactory = initialDirContextFactory;
			
 
				 
			
@@ -81,14 +110,7 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In
 
				         }
			
 
				     }
			
 
				 
			
 
				-    //~ Methods ========================================================================================================
			
 
				-
			
 
				-    public void afterPropertiesSet() throws Exception {
			
 
				-        Assert.isTrue((userDnFormat != null) || (userSearch != null),
			
 
				-            "Either an LdapUserSearch or DN pattern (or both) must be supplied.");
			
 
				-    }
			
 
				-
			
 
				-    protected InitialDirContextFactory getInitialDirContextFactory() {
			
 
				+    public InitialDirContextFactory getInitialDirContextFactory() {
			
 
				         return initialDirContextFactory;
			
 
				     }
			
 
				 
			
--- a/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator.java
+++ b/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator.java
@@ -44,6 +44,19 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
 
				 
			
 
				     //~ Constructors ===================================================================================================
			
 
				 
			
 
				+    /**
			
 
				+     * Create an uninitialized instance. You must call {@link #setInitialDirContextFactory(InitialDirContextFactory)}
			
 
				+     * before using it.
			
 
				+     */
			
 
				+    public BindAuthenticator() {
			
 
				+        super();
			
 
				+    }
			
 
				+
			
 
				+    /**
			
 
				+     * Create an initialized instance to the {@link InitialDirContextFactory} provided.
			
 
				+     * 
			
 
				+     * @param initialDirContextFactory
			
 
				+     */
			
 
				     public BindAuthenticator(InitialDirContextFactory initialDirContextFactory) {
			
 
				         super(initialDirContextFactory);
			
 
				     }
			
--- a/core/src/main/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java
+++ b/core/src/main/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java
@@ -112,6 +112,13 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 
				 
			
 
				     //~ Constructors ===================================================================================================
			
 
				 
			
 
				+    /**
			
 
				+     * Create an uninitialized instance. You must call {@link #setInitialDirContextFactory(InitialDirContextFactory)}
			
 
				+     * and {@link #setGroupSearchBase(String)} before using it.
			
 
				+     */
			
 
				+    public DefaultLdapAuthoritiesPopulator() {
			
 
				+    }
			
 
				+
			
 
				     /**
			
 
				      * Constructor for group search scenarios. <tt>userRoleAttributes</tt> may still be
			
 
				      * set as a property.
			
@@ -121,18 +128,8 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 
				      * context factory.
			
 
				      */
			
 
				     public DefaultLdapAuthoritiesPopulator(InitialDirContextFactory initialDirContextFactory, String groupSearchBase) {
			
 
				-        Assert.notNull(initialDirContextFactory, "InitialDirContextFactory must not be null");
			
 
				-        Assert.notNull(groupSearchBase, "The groupSearchBase (name to search under), must not be null.");
			
 
				-        this.initialDirContextFactory = initialDirContextFactory;
			
 
				-        this.groupSearchBase = groupSearchBase;
			
 
				-
			
 
				-        if (groupSearchBase.length() == 0) {
			
 
				-            logger.info("groupSearchBase is empty. Searches will be performed from the root: "
			
 
				-                + initialDirContextFactory.getRootDn());
			
 
				-        }
			
 
				-
			
 
				-        ldapTemplate = new LdapTemplate(initialDirContextFactory);
			
 
				-        ldapTemplate.setSearchControls(searchControls);
			
 
				+        this.setInitialDirContextFactory(initialDirContextFactory);
			
 
				+        this.setGroupSearchBase(groupSearchBase);
			
 
				     }
			
 
				 
			
 
				     //~ Methods ========================================================================================================
			
@@ -204,16 +201,16 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 
				     public Set getGroupMembershipRoles(String userDn, String username) {
			
 
				         Set authorities = new HashSet();
			
 
				 
			
 
				-        if (groupSearchBase == null) {
			
 
				+        if (getGroupSearchBase() == null) {
			
 
				             return authorities;
			
 
				         }
			
 
				 
			
 
				         if (logger.isDebugEnabled()) {
			
 
				             logger.debug("Searching for roles for user '" + username + "', DN = " + "'" + userDn + "', with filter "
			
 
				-                + groupSearchFilter + " in search base '" + groupSearchBase + "'");
			
 
				+                + groupSearchFilter + " in search base '" + getGroupSearchBase() + "'");
			
 
				         }
			
 
				 
			
 
				-        Set userRoles = ldapTemplate.searchForSingleAttributeValues(groupSearchBase, groupSearchFilter,
			
 
				+        Set userRoles = ldapTemplate.searchForSingleAttributeValues(getGroupSearchBase(), groupSearchFilter,
			
 
				                 new String[] {userDn, username}, groupRoleAttribute);
			
 
				 
			
 
				         if (logger.isDebugEnabled()) {
			
@@ -254,6 +251,38 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
 
				         return initialDirContextFactory;
			
 
				     }
			
 
				 
			
 
				+    /**
			
 
				+     * Set the {@link InitialDirContextFactory}
			
 
				+     * 
			
 
				+     * @param initialDirContextFactory supplies the contexts used to search for user roles.
			
 
				+     */
			
 
				+    public void setInitialDirContextFactory(InitialDirContextFactory initialDirContextFactory) {
			
 
				+        Assert.notNull(initialDirContextFactory, "InitialDirContextFactory must not be null");
			
 
				+        this.initialDirContextFactory = initialDirContextFactory;
			
 
				+
			
 
				+        ldapTemplate = new LdapTemplate(initialDirContextFactory);
			
 
				+        ldapTemplate.setSearchControls(searchControls);
			
 
				+    }
			
 
				+
			
 
				+    /**
			
 
				+     * Set the group search base (name to search under)
			
 
				+     * 
			
 
				+     * @param groupSearchBase if this is an empty string the search will be performed from the root DN of the context
			
 
				+     * factory.
			
 
				+     */
			
 
				+    public void setGroupSearchBase(String groupSearchBase) {
			
 
				+        Assert.notNull(groupSearchBase, "The groupSearchBase (name to search under), must not be null.");
			
 
				+        this.groupSearchBase = groupSearchBase;
			
 
				+        if (groupSearchBase.length() == 0) {
			
 
				+            logger.info("groupSearchBase is empty. Searches will be performed from the root: "
			
 
				+                + getInitialDirContextFactory().getRootDn());
			
 
				+        }
			
 
				+    }
			
 
				+
			
 
				+    protected String getGroupSearchBase() {
			
 
				+        return groupSearchBase;
			
 
				+    }
			
 
				+
			
 
				     public void setConvertToUpperCase(boolean convertToUpperCase) {
			
 
				         this.convertToUpperCase = convertToUpperCase;
			
 
				     }