SEC-2163: Adding support for LdapAuthoritiesPopulator to Spring Active-Directory Authentication provider class #2390


Closed
spring-projects-issues opened this issue Apr 26, 2013 · 5 comments
Labels
in: ldap An issue in spring-security-ldap type: enhancement A general enhancement type: jira An issue that was migrated from JIRA


spring-projects-issues commented Apr 26, 2013

Greg Turnquist (Migrated from SEC-2163) said:

Adding support for LdapAuthoritiesPopulator to Spring Active-Directory Authentication provider class.
Attached:
Modified version of - org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.java
Based on the same original Spring source file, I have performed four code edits:
renamed method: loadUserAuthorities to loadUserAuthoritiesFromMemberOf (line 170)
added method: @Override loadUserAuthorities - for extended functionality (line 138)
added constructor: public ActiveDirectoryLdapAuthenticationProvider(String domain, String url, LdapAuthoritiesPopulator externalAuthoritiesPopulator) (line 110)
added member: private LdapAuthoritiesPopulator externalAuthoritiesPopulator (line 86)
and added one sentence comment at line 34 and author annotation at line 66
The following is standard code snippet using Spring Security 3.1.3 -
Usage without populator (present) -

<bean id="adAuthenticationProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
    <constructor-arg value="${ActiveDirectoryLdap.domain}" />
    <constructor-arg value="${ActiveDirectoryLdap.url}" />
</bean>


Usage with populator (proposed) -
<bean id="adAuthenticationProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
    <constructor-arg value="${ActiveDirectoryLdap.domain}" />
    <constructor-arg value="${ActiveDirectoryLdap.url}" />
    <constructor-arg><!-- Optional parameter -->
        <bean class="com.yourpackage.jaas.ad.AppAuthoritiesPopulatorImpl">
            <property name="appService">
                <bean class="com.yourpackage.service.AppService">
                    <property name="userRoleDAO">
                        <bean class="com.yourpackage.dao.UserRoleDAO">
                            <property name="sessionFactory" ref="sessionFactory" />
                        </bean>
                    </property>
                </bean>
            </property>
        </bean>
    </constructor-arg>
</bean>

<!-- describing above dependency references -->
<bean id="sessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
    <property name="dataSource" ref="dataSource"></property>
    ...
</bean>
<bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
    <property name="jndiName" value="${yourJndi}"></property>
    ...
</bean>

<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider ref="adAuthenticationProvider" />
</sec:authentication-manager>
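
Added example, not part of the issue, the attached patch, or Spring Security's own code: a sketch of the kind of LdapAuthoritiesPopulator the proposed third constructor argument would receive, returning application-managed roles instead of Active Directory memberOf groups and granting nothing when the lookup finds no entry. The class name StoreBackedAuthoritiesPopulator, the in-memory map standing in for the AppService/UserRoleDAO lookup, and the single-domain username normalisation are assumptions.

```java
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;

// Hypothetical populator: roles come from an application-owned store, not from AD memberOf.
public class StoreBackedAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    // Assumption: stand-in for the AppService/UserRoleDAO lookup, keyed by lower-case login name.
    private final Map<String, Set<String>> rolesByUser;

    public StoreBackedAuthoritiesPopulator(Map<String, Set<String>> rolesByUser) {
        this.rolesByUser = rolesByUser;
    }

    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {
        if (username == null || username.trim().isEmpty()) {
            return Collections.<GrantedAuthority>emptySet(); // fail closed: no name, no roles
        }
        // AD login names compare case-insensitively and may arrive as user@domain.
        // Assumption: a single domain, so dropping the suffix cannot merge two accounts.
        String key = username.trim().toLowerCase(Locale.ROOT);
        int at = key.indexOf('@');
        if (at > 0) {
            key = key.substring(0, at);
        }
        Set<String> roles = rolesByUser.get(key);
        if (roles == null) {
            return Collections.<GrantedAuthority>emptySet(); // authenticated in AD, unknown to the app
        }
        Set<GrantedAuthority> authorities = new LinkedHashSet<GrantedAuthority>();
        for (String role : roles) {
            if (role == null || role.trim().isEmpty()) {
                continue; // skip blank rows rather than minting an empty authority
            }
            String name = role.trim().toUpperCase(Locale.ROOT);
            authorities.add(new SimpleGrantedAuthority(name.startsWith("ROLE_") ? name : "ROLE_" + name));
        }
        return authorities;
    }
}
```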

Srimanta Roy said:

Thanks Greg Turnquist.
See if you can assign it to the original author Luke Taylor.
If he would like, may optionally add a method protected LdapAuthoritiesPopulator getAuthoritiesPopulator()
as in org.springframework.security.ldap.authentication.LdapAuthenticationProvider; just to keep similarity and good to have.

Thanks.

  • Srimanta Roy.


Michael said:

Are there plans to integrate this sometime - is there anything missing?

@spring-projects-issues spring-projects-issues added in: ldap An issue in spring-security-ldap Open type: enhancement A general enhancement type: jira An issue that was migrated from JIRA labels Feb 5, 2016

jefferyyuan commented Jun 14, 2016

Is there a plan to support this?

@rwinch rwinch added this to the 4.2.0 M1 milestone Jun 14, 2016

rwinch commented Jun 14, 2016

@jefferyyuan Thanks for the nudge. I have added this to 4.2.0 M1 release plan.

NOTE: Migrating the submitted code to a PR would be quite welcome.


rwinch commented Sep 23, 2016

Closing in favor of #4064
