|
@@ -30,7 +30,6 @@ import javax.naming.directory.SearchControls;
|
|
|
|
|
|
|
|
import java.util.ArrayList;
|
|
import java.util.ArrayList;
|
|
|
import java.util.Collection;
|
|
import java.util.Collection;
|
|
|
-import java.util.Collections;
|
|
|
|
|
import java.util.HashSet;
|
|
import java.util.HashSet;
|
|
|
import java.util.List;
|
|
import java.util.List;
|
|
|
import java.util.Set;
|
|
import java.util.Set;
|
|
@@ -46,13 +45,13 @@ import java.util.Set;
|
|
|
* that they should be assigned that role. The following LDIF sample has the groups stored
|
|
* that they should be assigned that role. The following LDIF sample has the groups stored
|
|
|
* under the DN <tt>ou=groups,dc=springframework,dc=org</tt> and a group called
|
|
* under the DN <tt>ou=groups,dc=springframework,dc=org</tt> and a group called
|
|
|
* "developers" with "ben" and "luke" as members:
|
|
* "developers" with "ben" and "luke" as members:
|
|
|
- *
|
|
|
|
|
|
|
+ *
|
|
|
* <pre>
|
|
* <pre>
|
|
|
* dn: ou=groups,dc=springframework,dc=org
|
|
* dn: ou=groups,dc=springframework,dc=org
|
|
|
* objectClass: top
|
|
* objectClass: top
|
|
|
* objectClass: organizationalUnit
|
|
* objectClass: organizationalUnit
|
|
|
* ou: groups
|
|
* ou: groups
|
|
|
- *
|
|
|
|
|
|
|
+ *
|
|
|
* dn: cn=developers,ou=groups,dc=springframework,dc=org
|
|
* dn: cn=developers,ou=groups,dc=springframework,dc=org
|
|
|
* objectClass: groupOfNames
|
|
* objectClass: groupOfNames
|
|
|
* objectClass: top
|
|
* objectClass: top
|
|
@@ -73,20 +72,20 @@ import java.util.Set;
|
|
|
* <p>
|
|
* <p>
|
|
|
* The configuration below shows how the group search might be performed with the above
|
|
* The configuration below shows how the group search might be performed with the above
|
|
|
* schema.
|
|
* schema.
|
|
|
- *
|
|
|
|
|
|
|
+ *
|
|
|
* <pre>
|
|
* <pre>
|
|
|
* <bean id="ldapAuthoritiesPopulator"
|
|
* <bean id="ldapAuthoritiesPopulator"
|
|
|
- * class="org.springframework.security.authentication.ldap.populator.DefaultLdapAuthoritiesPopulator">
|
|
|
|
|
|
|
+ * class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
|
|
|
* <constructor-arg ref="contextSource"/>
|
|
* <constructor-arg ref="contextSource"/>
|
|
|
* <constructor-arg value="ou=groups"/>
|
|
* <constructor-arg value="ou=groups"/>
|
|
|
* <property name="groupRoleAttribute" value="ou"/>
|
|
* <property name="groupRoleAttribute" value="ou"/>
|
|
|
* <!-- the following properties are shown with their default values -->
|
|
* <!-- the following properties are shown with their default values -->
|
|
|
- * <property name="searchSubTree" value="false"/>
|
|
|
|
|
|
|
+ * <property name="searchSubtree" value="false"/>
|
|
|
* <property name="rolePrefix" value="ROLE_"/>
|
|
* <property name="rolePrefix" value="ROLE_"/>
|
|
|
* <property name="convertToUpperCase" value="true"/>
|
|
* <property name="convertToUpperCase" value="true"/>
|
|
|
* </bean>
|
|
* </bean>
|
|
|
* </pre>
|
|
* </pre>
|
|
|
- *
|
|
|
|
|
|
|
+ *
|
|
|
* A search for roles for user "uid=ben,ou=people,dc=springframework,dc=org" would return
|
|
* A search for roles for user "uid=ben,ou=people,dc=springframework,dc=org" would return
|
|
|
* the single granted authority "ROLE_DEVELOPER".
|
|
* the single granted authority "ROLE_DEVELOPER".
|
|
|
* <p>
|
|
* <p>
|
Rob Winch