|
@@ -14,22 +14,22 @@ import org.w3c.dom.Element;
|
|
* @since 2.0
|
|
* @since 2.0
|
|
*/
|
|
*/
|
|
public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServiceBeanDefinitionParser {
|
|
public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServiceBeanDefinitionParser {
|
|
- public static final String ATT_SERVER = "server-ref";
|
|
|
|
|
|
+ public static final String ATT_SERVER = "server-ref";
|
|
public static final String ATT_USER_SEARCH_FILTER = "user-search-filter";
|
|
public static final String ATT_USER_SEARCH_FILTER = "user-search-filter";
|
|
public static final String ATT_USER_SEARCH_BASE = "user-search-base";
|
|
public static final String ATT_USER_SEARCH_BASE = "user-search-base";
|
|
public static final String DEF_USER_SEARCH_BASE = "";
|
|
public static final String DEF_USER_SEARCH_BASE = "";
|
|
|
|
|
|
public static final String ATT_GROUP_SEARCH_FILTER = "group-search-filter";
|
|
public static final String ATT_GROUP_SEARCH_FILTER = "group-search-filter";
|
|
public static final String ATT_GROUP_SEARCH_BASE = "group-search-base";
|
|
public static final String ATT_GROUP_SEARCH_BASE = "group-search-base";
|
|
- public static final String ATT_GROUP_ROLE_ATTRIBUTE = "group-role-attribute";
|
|
|
|
|
|
+ public static final String ATT_GROUP_ROLE_ATTRIBUTE = "group-role-attribute";
|
|
public static final String DEF_GROUP_SEARCH_FILTER = "(uniqueMember={0})";
|
|
public static final String DEF_GROUP_SEARCH_FILTER = "(uniqueMember={0})";
|
|
- public static final String DEF_GROUP_SEARCH_BASE = "ou=groups";
|
|
|
|
-
|
|
|
|
|
|
+ public static final String DEF_GROUP_SEARCH_BASE = "";
|
|
|
|
+
|
|
static final String ATT_ROLE_PREFIX = "role-prefix";
|
|
static final String ATT_ROLE_PREFIX = "role-prefix";
|
|
static final String ATT_USER_CLASS = "user-details-class";
|
|
static final String ATT_USER_CLASS = "user-details-class";
|
|
static final String OPT_PERSON = "person";
|
|
static final String OPT_PERSON = "person";
|
|
static final String OPT_INETORGPERSON = "inetOrgPerson";
|
|
static final String OPT_INETORGPERSON = "inetOrgPerson";
|
|
-
|
|
|
|
|
|
+
|
|
public static final String LDAP_SEARCH_CLASS = "org.springframework.security.ldap.search.FilterBasedLdapUserSearch";
|
|
public static final String LDAP_SEARCH_CLASS = "org.springframework.security.ldap.search.FilterBasedLdapUserSearch";
|
|
public static final String PERSON_MAPPER_CLASS = "org.springframework.security.userdetails.ldap.PersonContextMapper";
|
|
public static final String PERSON_MAPPER_CLASS = "org.springframework.security.userdetails.ldap.PersonContextMapper";
|
|
public static final String INET_ORG_PERSON_MAPPER_CLASS = "org.springframework.security.userdetails.ldap.InetOrgPersonContextMapper";
|
|
public static final String INET_ORG_PERSON_MAPPER_CLASS = "org.springframework.security.userdetails.ldap.InetOrgPersonContextMapper";
|
|
@@ -45,42 +45,42 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
|
|
if (!StringUtils.hasText(elt.getAttribute(ATT_USER_SEARCH_FILTER))) {
|
|
if (!StringUtils.hasText(elt.getAttribute(ATT_USER_SEARCH_FILTER))) {
|
|
parserContext.getReaderContext().error("User search filter must be supplied", elt);
|
|
parserContext.getReaderContext().error("User search filter must be supplied", elt);
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
builder.addConstructorArg(parseSearchBean(elt, parserContext));
|
|
builder.addConstructorArg(parseSearchBean(elt, parserContext));
|
|
builder.addConstructorArg(parseAuthoritiesPopulator(elt, parserContext));
|
|
builder.addConstructorArg(parseAuthoritiesPopulator(elt, parserContext));
|
|
builder.addPropertyValue("userDetailsMapper", parseUserDetailsClass(elt, parserContext));
|
|
builder.addPropertyValue("userDetailsMapper", parseUserDetailsClass(elt, parserContext));
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
static RootBeanDefinition parseSearchBean(Element elt, ParserContext parserContext) {
|
|
static RootBeanDefinition parseSearchBean(Element elt, ParserContext parserContext) {
|
|
String userSearchFilter = elt.getAttribute(ATT_USER_SEARCH_FILTER);
|
|
String userSearchFilter = elt.getAttribute(ATT_USER_SEARCH_FILTER);
|
|
String userSearchBase = elt.getAttribute(ATT_USER_SEARCH_BASE);
|
|
String userSearchBase = elt.getAttribute(ATT_USER_SEARCH_BASE);
|
|
Object source = parserContext.extractSource(elt);
|
|
Object source = parserContext.extractSource(elt);
|
|
-
|
|
|
|
|
|
+
|
|
if (StringUtils.hasText(userSearchBase)) {
|
|
if (StringUtils.hasText(userSearchBase)) {
|
|
if(!StringUtils.hasText(userSearchFilter)) {
|
|
if(!StringUtils.hasText(userSearchFilter)) {
|
|
parserContext.getReaderContext().error(ATT_USER_SEARCH_BASE + " cannot be used without a " + ATT_USER_SEARCH_FILTER, source);
|
|
parserContext.getReaderContext().error(ATT_USER_SEARCH_BASE + " cannot be used without a " + ATT_USER_SEARCH_FILTER, source);
|
|
}
|
|
}
|
|
} else {
|
|
} else {
|
|
userSearchBase = DEF_USER_SEARCH_BASE;
|
|
userSearchBase = DEF_USER_SEARCH_BASE;
|
|
- }
|
|
|
|
-
|
|
|
|
|
|
+ }
|
|
|
|
+
|
|
if (!StringUtils.hasText(userSearchFilter)) {
|
|
if (!StringUtils.hasText(userSearchFilter)) {
|
|
return null;
|
|
return null;
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
BeanDefinitionBuilder searchBuilder = BeanDefinitionBuilder.rootBeanDefinition(LDAP_SEARCH_CLASS);
|
|
BeanDefinitionBuilder searchBuilder = BeanDefinitionBuilder.rootBeanDefinition(LDAP_SEARCH_CLASS);
|
|
searchBuilder.setSource(source);
|
|
searchBuilder.setSource(source);
|
|
searchBuilder.addConstructorArg(userSearchBase);
|
|
searchBuilder.addConstructorArg(userSearchBase);
|
|
searchBuilder.addConstructorArg(userSearchFilter);
|
|
searchBuilder.addConstructorArg(userSearchFilter);
|
|
searchBuilder.addConstructorArg(parseServerReference(elt, parserContext));
|
|
searchBuilder.addConstructorArg(parseServerReference(elt, parserContext));
|
|
-
|
|
|
|
|
|
+
|
|
return (RootBeanDefinition) searchBuilder.getBeanDefinition();
|
|
return (RootBeanDefinition) searchBuilder.getBeanDefinition();
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
static RuntimeBeanReference parseServerReference(Element elt, ParserContext parserContext) {
|
|
static RuntimeBeanReference parseServerReference(Element elt, ParserContext parserContext) {
|
|
String server = elt.getAttribute(ATT_SERVER);
|
|
String server = elt.getAttribute(ATT_SERVER);
|
|
boolean requiresDefaultName = false;
|
|
boolean requiresDefaultName = false;
|
|
-
|
|
|
|
|
|
+
|
|
if (!StringUtils.hasText(server)) {
|
|
if (!StringUtils.hasText(server)) {
|
|
server = BeanIds.CONTEXT_SOURCE;
|
|
server = BeanIds.CONTEXT_SOURCE;
|
|
requiresDefaultName = true;
|
|
requiresDefaultName = true;
|
|
@@ -89,27 +89,27 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
|
|
RuntimeBeanReference contextSource = new RuntimeBeanReference(server);
|
|
RuntimeBeanReference contextSource = new RuntimeBeanReference(server);
|
|
contextSource.setSource(parserContext.extractSource(elt));
|
|
contextSource.setSource(parserContext.extractSource(elt));
|
|
LdapConfigUtils.registerPostProcessorIfNecessary(parserContext.getRegistry(), requiresDefaultName);
|
|
LdapConfigUtils.registerPostProcessorIfNecessary(parserContext.getRegistry(), requiresDefaultName);
|
|
-
|
|
|
|
|
|
+
|
|
return contextSource;
|
|
return contextSource;
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
static RootBeanDefinition parseUserDetailsClass(Element elt, ParserContext parserContext) {
|
|
static RootBeanDefinition parseUserDetailsClass(Element elt, ParserContext parserContext) {
|
|
- String userDetailsClass = elt.getAttribute(ATT_USER_CLASS);
|
|
|
|
-
|
|
|
|
- if (OPT_PERSON.equals(userDetailsClass)) {
|
|
|
|
- return new RootBeanDefinition(PERSON_MAPPER_CLASS, null, null);
|
|
|
|
- } else if (OPT_INETORGPERSON.equals(userDetailsClass)) {
|
|
|
|
- return new RootBeanDefinition(INET_ORG_PERSON_MAPPER_CLASS, null, null);
|
|
|
|
- }
|
|
|
|
- return new RootBeanDefinition(LDAP_USER_MAPPER_CLASS, null, null);
|
|
|
|
|
|
+ String userDetailsClass = elt.getAttribute(ATT_USER_CLASS);
|
|
|
|
+
|
|
|
|
+ if (OPT_PERSON.equals(userDetailsClass)) {
|
|
|
|
+ return new RootBeanDefinition(PERSON_MAPPER_CLASS, null, null);
|
|
|
|
+ } else if (OPT_INETORGPERSON.equals(userDetailsClass)) {
|
|
|
|
+ return new RootBeanDefinition(INET_ORG_PERSON_MAPPER_CLASS, null, null);
|
|
|
|
+ }
|
|
|
|
+ return new RootBeanDefinition(LDAP_USER_MAPPER_CLASS, null, null);
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
static RootBeanDefinition parseAuthoritiesPopulator(Element elt, ParserContext parserContext) {
|
|
static RootBeanDefinition parseAuthoritiesPopulator(Element elt, ParserContext parserContext) {
|
|
String groupSearchFilter = elt.getAttribute(ATT_GROUP_SEARCH_FILTER);
|
|
String groupSearchFilter = elt.getAttribute(ATT_GROUP_SEARCH_FILTER);
|
|
String groupSearchBase = elt.getAttribute(ATT_GROUP_SEARCH_BASE);
|
|
String groupSearchBase = elt.getAttribute(ATT_GROUP_SEARCH_BASE);
|
|
String groupRoleAttribute = elt.getAttribute(ATT_GROUP_ROLE_ATTRIBUTE);
|
|
String groupRoleAttribute = elt.getAttribute(ATT_GROUP_ROLE_ATTRIBUTE);
|
|
String rolePrefix = elt.getAttribute(ATT_ROLE_PREFIX);
|
|
String rolePrefix = elt.getAttribute(ATT_ROLE_PREFIX);
|
|
-
|
|
|
|
|
|
+
|
|
if (!StringUtils.hasText(groupSearchFilter)) {
|
|
if (!StringUtils.hasText(groupSearchFilter)) {
|
|
groupSearchFilter = DEF_GROUP_SEARCH_FILTER;
|
|
groupSearchFilter = DEF_GROUP_SEARCH_FILTER;
|
|
}
|
|
}
|
|
@@ -117,25 +117,25 @@ public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServ
|
|
if (!StringUtils.hasText(groupSearchBase)) {
|
|
if (!StringUtils.hasText(groupSearchBase)) {
|
|
groupSearchBase = DEF_GROUP_SEARCH_BASE;
|
|
groupSearchBase = DEF_GROUP_SEARCH_BASE;
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
BeanDefinitionBuilder populator = BeanDefinitionBuilder.rootBeanDefinition(LDAP_AUTHORITIES_POPULATOR_CLASS);
|
|
BeanDefinitionBuilder populator = BeanDefinitionBuilder.rootBeanDefinition(LDAP_AUTHORITIES_POPULATOR_CLASS);
|
|
populator.setSource(parserContext.extractSource(elt));
|
|
populator.setSource(parserContext.extractSource(elt));
|
|
populator.addConstructorArg(parseServerReference(elt, parserContext));
|
|
populator.addConstructorArg(parseServerReference(elt, parserContext));
|
|
populator.addConstructorArg(groupSearchBase);
|
|
populator.addConstructorArg(groupSearchBase);
|
|
populator.addPropertyValue("groupSearchFilter", groupSearchFilter);
|
|
populator.addPropertyValue("groupSearchFilter", groupSearchFilter);
|
|
populator.addPropertyValue("searchSubtree", Boolean.TRUE);
|
|
populator.addPropertyValue("searchSubtree", Boolean.TRUE);
|
|
-
|
|
|
|
|
|
+
|
|
if (StringUtils.hasText(rolePrefix)) {
|
|
if (StringUtils.hasText(rolePrefix)) {
|
|
if ("none".equals(rolePrefix)) {
|
|
if ("none".equals(rolePrefix)) {
|
|
rolePrefix = "";
|
|
rolePrefix = "";
|
|
}
|
|
}
|
|
populator.addPropertyValue("rolePrefix", rolePrefix);
|
|
populator.addPropertyValue("rolePrefix", rolePrefix);
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
if (StringUtils.hasLength(groupRoleAttribute)) {
|
|
if (StringUtils.hasLength(groupRoleAttribute)) {
|
|
populator.addPropertyValue("groupRoleAttribute", groupRoleAttribute);
|
|
populator.addPropertyValue("groupRoleAttribute", groupRoleAttribute);
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
return (RootBeanDefinition) populator.getBeanDefinition();
|
|
return (RootBeanDefinition) populator.getBeanDefinition();
|
|
}
|
|
}
|
|
}
|
|
}
|
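Review bot: Changing `DEF_GROUP_SEARCH_BASE` from `"ou=groups"` to `""` widens the default scope used to derive authorities. In `parseAuthoritiesPopulator` the empty base is handed to the populator along with `searchSubtree` set to `Boolean.TRUE` and the default filter `(uniqueMember={0})`. When `group-search-base` is omitted, the group search therefore presumably starts at the context source's root and covers the whole tree, so any entry listing the user's DN in `uniqueMember`, including entries outside the groups container, could be mapped to a granted role. I would put a comment on the constant, e.g. `// empty base: group search starts at the context source root; set group-search-base to limit which entries can grant roles`, and note in the upgrade documentation that configurations relying on the old default must now set `group-search-base="ou=groups"` explicitly. The other changed lines in this section appear to be whitespace-only.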