
Use `LdapName` instead of `DistinguishedName`

Closes gh-17301

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
Andrey Litvitski 2 mēneši atpakaļ
vecāks
revīzija
fdf52f021d

+ 1 - 14
ldap/src/main/java/org/springframework/security/ldap/DefaultLdapUsernameToDnMapper.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,7 +18,6 @@ package org.springframework.security.ldap;
 
 import javax.naming.ldap.LdapName;
 
-import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.ldap.support.LdapNameBuilder;
 
 /**
@@ -44,18 +43,6 @@ public class DefaultLdapUsernameToDnMapper implements LdapUsernameToDnMapper {
 		this.usernameAttribute = usernameAttribute;
 	}
 
-	/**
-	 * Assembles the Distinguished Name that should be used the given username.
-	 * @deprecated Use {@link #buildLdapName(String)} instead
-	 */
-	@Override
-	@Deprecated
-	public DistinguishedName buildDn(String username) {
-		DistinguishedName dn = new DistinguishedName(this.userDnBase);
-		dn.add(this.usernameAttribute, username);
-		return dn;
-	}
-
 	@Override
 	public LdapName buildLdapName(String username) {
 		return LdapNameBuilder.newInstance(this.userDnBase).add(this.usernameAttribute, username).build();
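Review bot: `buildLdapName` is left without any Javadoc once the documented `buildDn` above it is removed, and the same holds for the now-abstract declaration in `LdapUsernameToDnMapper`. The `username` presumably comes from a login request, so the contract worth stating is that it is appended as a single attribute value through `LdapNameBuilder.add(...)` and is not parsed as DN text. I would add `/** Builds the user's DN by appending {@code usernameAttribute=username} as one RDN to the configured base; the username is treated as an attribute value, not as DN syntax. */` and back it with a test whose username contains `,` or `=`. The method body continues past the end of the hunk.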

+ 2 - 12
ldap/src/main/java/org/springframework/security/ldap/LdapUsernameToDnMapper.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,8 +18,6 @@ package org.springframework.security.ldap;
 
 import javax.naming.ldap.LdapName;
 
-import org.springframework.ldap.core.DistinguishedName;
-
 /**
  * Constructs an Ldap Distinguished Name from a username.
  *
@@ -27,14 +25,6 @@ import org.springframework.ldap.core.DistinguishedName;
  */
 public interface LdapUsernameToDnMapper {
 
-	/**
-	 * @deprecated Use {@link #buildLdapName(String)} instead
-	 */
-	@Deprecated
-	DistinguishedName buildDn(String username);
-
-	default LdapName buildLdapName(String username) {
-		return org.springframework.ldap.support.LdapUtils.newLdapName(buildDn(username));
-	}
+	LdapName buildLdapName(String username);
 
 }

+ 0 - 12
ldap/src/main/java/org/springframework/security/ldap/LdapUtils.java

@@ -28,7 +28,6 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.ldap.support.LdapNameBuilder;
 import org.springframework.security.crypto.codec.Utf8;
 import org.springframework.util.Assert;
@@ -101,18 +100,7 @@ public final class LdapUtils {
 	/**
 	 * Gets the full dn of a name by prepending the name of the context it is relative to.
 	 * If the name already contains the base name, it is returned unaltered.
-	 * @deprecated Use {@link #getFullDn(LdapName, Context)}
 	 */
-	@Deprecated
-	public static DistinguishedName getFullDn(DistinguishedName dn, Context baseCtx) throws NamingException {
-		DistinguishedName baseDn = new DistinguishedName(baseCtx.getNameInNamespace());
-		if (dn.contains(baseDn)) {
-			return dn;
-		}
-		baseDn.append(dn);
-		return baseDn;
-	}
-
 	public static LdapName getFullDn(LdapName dn, Context baseCtx) throws NamingException {
 		LdapName baseDn = LdapNameBuilder.newInstance(baseCtx.getNameInNamespace()).build();
 		if (dn.startsWith(baseDn)) {
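Review bot: The Javadoc that now sits on `getFullDn(LdapName, Context)` still says the name is returned unaltered if it "contains" the base name, but the surviving overload tests `dn.startsWith(baseDn)`. For `LdapName` that matches only when the base forms the rightmost RDNs of the name. The removed overload used `DistinguishedName.contains`, which may have matched more loosely, so a migrating caller could now get the base prepended where it was not before. The precise rule matters because `modifyAuthorities` in `LdapUserDetailsManager` writes the result as a group member value. I would reword the sentence to `If the name already ends with the base DN (i.e. {@code dn.startsWith(baseDn)}), it is returned unaltered.`; the method body continues outside the hunk.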

+ 8 - 25
ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -48,7 +48,6 @@ import org.springframework.ldap.core.AttributesMapper;
 import org.springframework.ldap.core.AttributesMapperCallbackHandler;
 import org.springframework.ldap.core.ContextSource;
 import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.ldap.core.LdapTemplate;
 import org.springframework.ldap.core.SearchExecutor;
 import org.springframework.ldap.support.LdapNameBuilder;
@@ -289,39 +288,23 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 	 * Creates a DN from a group name.
 	 * @param group the name of the group
 	 * @return the DN of the corresponding group, including the groupSearchBase
-	 * @deprecated
 	 */
-	@Deprecated
-	protected DistinguishedName buildGroupDn(String group) {
-		DistinguishedName dn = new DistinguishedName(this.groupSearchBase);
-		dn.add(this.groupRoleAttributeName, group.toLowerCase(Locale.ROOT));
-		return dn;
-	}
-
-	protected LdapName buildGroupName(String group) {
-		return LdapNameBuilder.newInstance(buildGroupDn(group)).build();
+	protected LdapName buildGroupDn(String group) {
+		return LdapNameBuilder.newInstance(this.groupSearchBase)
+			.add(this.groupRoleAttributeName, group.toLowerCase(Locale.ROOT))
+			.build();
 	}
 
 	protected void copyToContext(UserDetails user, DirContextAdapter ctx) {
 		this.userDetailsMapper.mapUserToContext(user, ctx);
 	}
 
-	@Deprecated
-	protected void addAuthorities(DistinguishedName userDn, Collection<? extends GrantedAuthority> authorities) {
-		modifyAuthorities(LdapNameBuilder.newInstance(userDn).build(), authorities, DirContext.ADD_ATTRIBUTE);
-	}
-
 	protected void addAuthorities(LdapName userDn, Collection<? extends GrantedAuthority> authorities) {
-		addAuthorities(new DistinguishedName(userDn), authorities);
-	}
-
-	@Deprecated
-	protected void removeAuthorities(DistinguishedName userDn, Collection<? extends GrantedAuthority> authorities) {
-		modifyAuthorities(LdapNameBuilder.newInstance(userDn).build(), authorities, DirContext.REMOVE_ATTRIBUTE);
+		modifyAuthorities(LdapNameBuilder.newInstance(userDn).build(), authorities, DirContext.ADD_ATTRIBUTE);
 	}
 
 	protected void removeAuthorities(LdapName userDn, Collection<? extends GrantedAuthority> authorities) {
-		removeAuthorities(new DistinguishedName(userDn), authorities);
+		modifyAuthorities(LdapNameBuilder.newInstance(userDn).build(), authorities, DirContext.REMOVE_ATTRIBUTE);
 	}
 
 	private void modifyAuthorities(final LdapName userDn, final Collection<? extends GrantedAuthority> authorities,
@@ -332,7 +315,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 				LdapName fullDn = LdapUtils.getFullDn(userDn, ctx);
 				ModificationItem addGroup = new ModificationItem(modType,
 						new BasicAttribute(this.groupMemberAttributeName, fullDn.toString()));
-				ctx.modifyAttributes(buildGroupName(group), new ModificationItem[] { addGroup });
+				ctx.modifyAttributes(buildGroupDn(group), new ModificationItem[] { addGroup });
 			}
 			return null;
 		});
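Review bot: In `addAuthorities(LdapName, …)` and `removeAuthorities(LdapName, …)` the argument is already an `LdapName`, so `LdapNameBuilder.newInstance(userDn).build()` only copies it before passing it to `modifyAuthorities`. The expression was carried over from the removed `DistinguishedName` overloads, where it performed a conversion. If the copy is not needed, `modifyAuthorities(userDn, authorities, DirContext.ADD_ATTRIBUTE);` and its `REMOVE_ATTRIBUTE` twin read more directly; if it is a deliberate defensive copy, a one-line comment should say so. Separately, `buildGroupDn` keeps its name but now returns `LdapName`, and `buildGroupName` is gone, so subclasses overriding either protected method stop compiling, which deserves a line in the migration notes. The `modifyAuthorities` lambda in the last hunk starts and ends outside the visible lines.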

+ 4 - 4
ldap/src/test/java/org/springframework/security/ldap/SpringSecurityAuthenticationSourceTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,7 +21,7 @@ import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
 import org.springframework.ldap.core.AuthenticationSource;
-import org.springframework.ldap.core.DistinguishedName;
+import org.springframework.ldap.support.LdapNameBuilder;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.authority.AuthorityUtils;
@@ -82,7 +82,7 @@ public class SpringSecurityAuthenticationSourceTests {
 	public void expectedPrincipalIsReturned() {
 		LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence();
 		user.setUsername("joe");
-		user.setDn(new DistinguishedName("uid=joe,ou=users"));
+		user.setDn(LdapNameBuilder.newInstance("uid=joe,ou=users").build());
 		AuthenticationSource source = new SpringSecurityAuthenticationSource();
 		SecurityContextHolder.getContext()
 			.setAuthentication(new TestingAuthenticationToken(user.createUserDetails(), null));
@@ -93,7 +93,7 @@ public class SpringSecurityAuthenticationSourceTests {
 	public void getPrincipalWhenCustomSecurityContextHolderStrategyThenExpectedPrincipalIsReturned() {
 		LdapUserDetailsImpl.Essence user = new LdapUserDetailsImpl.Essence();
 		user.setUsername("joe");
-		user.setDn(new DistinguishedName("uid=joe,ou=users"));
+		user.setDn(LdapNameBuilder.newInstance("uid=joe,ou=users").build());
 		SecurityContextHolderStrategy strategy = mock(SecurityContextHolderStrategy.class);
 		given(strategy.getContext())
 			.willReturn(new SecurityContextImpl(new TestingAuthenticationToken(user.createUserDetails(), null)));

+ 3 - 3
ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java

@@ -23,7 +23,7 @@ import org.junit.jupiter.api.Test;
 import org.springframework.ldap.CommunicationException;
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DirContextOperations;
-import org.springframework.ldap.core.DistinguishedName;
+import org.springframework.ldap.support.LdapNameBuilder;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.InternalAuthenticationServiceException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -165,12 +165,12 @@ public class LdapAuthenticationProviderTests {
 			String username = authentication.getName();
 			String password = (String) authentication.getCredentials();
 			if (username.equals("ben") && password.equals("benspassword")) {
-				ctx.setDn(new DistinguishedName("cn=ben,ou=people,dc=springframework,dc=org"));
+				ctx.setDn(LdapNameBuilder.newInstance("cn=jen,ou=people,dc=springframework,dc=org").build());
 				ctx.setAttributeValue("userPassword", "{SHA}nFCebWjxfaLbHHG1Qk5UU4trbvQ=");
 				return ctx;
 			}
 			else if (username.equals("jen") && password.equals("")) {
-				ctx.setDn(new DistinguishedName("cn=jen,ou=people,dc=springframework,dc=org"));
+				ctx.setDn(LdapNameBuilder.newInstance("cn=jen,ou=people,dc=springframework,dc=org").build());
 				return ctx;
 			}
 			throw new BadCredentialsException("Authentication failed.");
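Review bot: The added line in the `ben` branch sets the DN to `cn=jen,ou=people,dc=springframework,dc=org`, whereas the removed line used `cn=ben,…`. This looks like a copy-paste slip from the `jen` branch below, not an intended change. It should read `ctx.setDn(LdapNameBuilder.newInstance("cn=ben,ou=people,dc=springframework,dc=org").build());`. If the suite still passes with the wrong DN, nothing asserts the DN returned for `ben`, so an assertion on the authenticated principal's DN would catch an identity mix-up in this mock authenticator. The enclosing method starts above the hunk.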

+ 3 - 3
ldap/src/test/java/org/springframework/security/ldap/jackson2/InetOrgPersonMixinTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,7 +24,7 @@ import org.junit.jupiter.api.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
 
 import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DistinguishedName;
+import org.springframework.ldap.support.LdapNameBuilder;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 import org.springframework.security.ldap.userdetails.InetOrgPerson;
@@ -165,7 +165,7 @@ public class InetOrgPersonMixinTests {
 
 	private DirContextAdapter createUserContext() {
 		DirContextAdapter ctx = new DirContextAdapter();
-		ctx.setDn(new DistinguishedName("ignored=ignored"));
+		ctx.setDn(LdapNameBuilder.newInstance("ignored=ignored").build());
 		ctx.setAttributeValue("uid", "ghengis");
 		ctx.setAttributeValue("userPassword", USER_PASSWORD);
 		ctx.setAttributeValue("carLicense", "HORS1");

+ 3 - 3
ldap/src/test/java/org/springframework/security/ldap/jackson2/LdapUserDetailsImplMixinTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,7 +24,7 @@ import org.junit.jupiter.api.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
 
 import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DistinguishedName;
+import org.springframework.ldap.support.LdapNameBuilder;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
@@ -118,7 +118,7 @@ public class LdapUserDetailsImplMixinTests {
 
 	private DirContextAdapter createUserContext() {
 		DirContextAdapter ctx = new DirContextAdapter();
-		ctx.setDn(new DistinguishedName("ignored=ignored"));
+		ctx.setDn(LdapNameBuilder.newInstance("ignored=ignored").build());
 		ctx.setAttributeValue("userPassword", USER_PASSWORD);
 		return ctx;
 	}

+ 3 - 3
ldap/src/test/java/org/springframework/security/ldap/jackson2/PersonMixinTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,7 +24,7 @@ import org.junit.jupiter.api.Test;
 import org.skyscreamer.jsonassert.JSONAssert;
 
 import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DistinguishedName;
+import org.springframework.ldap.support.LdapNameBuilder;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.jackson2.SecurityJackson2Modules;
 import org.springframework.security.ldap.userdetails.Person;
@@ -125,7 +125,7 @@ public class PersonMixinTests {
 
 	private DirContextAdapter createUserContext() {
 		DirContextAdapter ctx = new DirContextAdapter();
-		ctx.setDn(new DistinguishedName("ignored=ignored"));
+		ctx.setDn(LdapNameBuilder.newInstance("ignored=ignored").build());
 		ctx.setAttributeValue("userPassword", USER_PASSWORD);
 		ctx.setAttributeValue("cn", "Ghengis Khan");
 		ctx.setAttributeValue("description", "Scary");

+ 5 - 5
ldap/src/test/java/org/springframework/security/ldap/userdetails/InetOrgPersonTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,7 +22,7 @@ import java.util.Set;
 import org.junit.jupiter.api.Test;
 
 import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DistinguishedName;
+import org.springframework.ldap.support.LdapNameBuilder;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
@@ -95,7 +95,7 @@ public class InetOrgPersonTests {
 		DirContextAdapter ctx2 = new DirContextAdapter();
 		ctx1.setAttributeValues("objectclass",
 				new String[] { "top", "person", "organizationalPerson", "inetOrgPerson" });
-		ctx2.setDn(new DistinguishedName("ignored=ignored"));
+		ctx2.setDn(LdapNameBuilder.newInstance("ignored=ignored").build());
 		InetOrgPerson p = (InetOrgPerson) (new InetOrgPerson.Essence(ctx1)).createUserDetails();
 		p.populateContext(ctx2);
 		assertThat(ctx2).isEqualTo(ctx1);
@@ -105,7 +105,7 @@ public class InetOrgPersonTests {
 	public void copyMatchesOriginalData() {
 		DirContextAdapter ctx1 = createUserContext();
 		DirContextAdapter ctx2 = new DirContextAdapter();
-		ctx2.setDn(new DistinguishedName("ignored=ignored"));
+		ctx2.setDn(LdapNameBuilder.newInstance("ignored=ignored").build());
 		ctx1.setAttributeValues("objectclass",
 				new String[] { "top", "person", "organizationalPerson", "inetOrgPerson" });
 		InetOrgPerson p = (InetOrgPerson) (new InetOrgPerson.Essence(ctx1)).createUserDetails();
@@ -116,7 +116,7 @@ public class InetOrgPersonTests {
 
 	private DirContextAdapter createUserContext() {
 		DirContextAdapter ctx = new DirContextAdapter();
-		ctx.setDn(new DistinguishedName("ignored=ignored"));
+		ctx.setDn(LdapNameBuilder.newInstance("ignored=ignored").build());
 		ctx.setAttributeValue("uid", "ghengis");
 		ctx.setAttributeValue("userPassword", "pillage");
 		ctx.setAttributeValue("carLicense", "HORS1");

+ 3 - 3
ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsMapperTests.java

@@ -22,7 +22,7 @@ import javax.naming.directory.BasicAttributes;
 import org.junit.jupiter.api.Test;
 
 import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DistinguishedName;
+import org.springframework.ldap.support.LdapNameBuilder;
 import org.springframework.security.core.authority.AuthorityUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -58,7 +58,7 @@ public class LdapUserDetailsMapperTests {
 		mapper.setRoleAttributes(new String[] { "userRole", "nonRetrievedAttribute" });
 		BasicAttributes attrs = new BasicAttributes();
 		attrs.put(new BasicAttribute("userRole", "x"));
-		DirContextAdapter ctx = new DirContextAdapter(attrs, new DistinguishedName("cn=someName"));
+		DirContextAdapter ctx = new DirContextAdapter(attrs, LdapNameBuilder.newInstance("cn=someName").build());
 		ctx.setAttributeValue("uid", "ani");
 		LdapUserDetailsImpl user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani",
 				AuthorityUtils.NO_AUTHORITIES);
@@ -72,7 +72,7 @@ public class LdapUserDetailsMapperTests {
 		mapper.setPasswordAttributeName("myappsPassword");
 		BasicAttributes attrs = new BasicAttributes();
 		attrs.put(new BasicAttribute("myappsPassword", "mypassword".getBytes()));
-		DirContextAdapter ctx = new DirContextAdapter(attrs, new DistinguishedName("cn=someName"));
+		DirContextAdapter ctx = new DirContextAdapter(attrs, LdapNameBuilder.newInstance("cn=someName").build());
 		ctx.setAttributeValue("uid", "ani");
 		LdapUserDetails user = (LdapUserDetailsImpl) mapper.mapUserFromContext(ctx, "ani",
 				AuthorityUtils.NO_AUTHORITIES);

+ 4 - 4
ldap/src/test/java/org/springframework/security/ldap/userdetails/LdapUserDetailsServiceTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,7 +23,7 @@ import org.junit.jupiter.api.Test;
 
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DirContextOperations;
-import org.springframework.ldap.core.DistinguishedName;
+import org.springframework.ldap.support.LdapNameBuilder;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -53,7 +53,7 @@ public class LdapUserDetailsServiceTests {
 
 	@Test
 	public void correctAuthoritiesAreReturned() {
-		DirContextAdapter userData = new DirContextAdapter(new DistinguishedName("uid=joe"));
+		DirContextAdapter userData = new DirContextAdapter(LdapNameBuilder.newInstance("uid=joe").build());
 		LdapUserDetailsService service = new LdapUserDetailsService(new MockUserSearch(userData),
 				new MockAuthoritiesPopulator());
 		service.setUserDetailsMapper(new LdapUserDetailsMapper());
@@ -65,7 +65,7 @@ public class LdapUserDetailsServiceTests {
 
 	@Test
 	public void nullPopulatorConstructorReturnsEmptyAuthoritiesList() {
-		DirContextAdapter userData = new DirContextAdapter(new DistinguishedName("uid=joe"));
+		DirContextAdapter userData = new DirContextAdapter(LdapNameBuilder.newInstance("uid=joe").build());
 		LdapUserDetailsService service = new LdapUserDetailsService(new MockUserSearch(userData));
 		UserDetails user = service.loadUserByUsername("doesntmatterwegetjoeanyway");
 		assertThat(user.getAuthorities()).isEmpty();