org.springframework.security.ldap.authentication.ad

Class Hotfix3960ActiveDirectoryLdapAuthenticationProvider

java.lang.Object

org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

org.springframework.security.ldap.authentication.ad.Hotfix3960ActiveDirectoryLdapAuthenticationProvider

All Implemented Interfaces:

org.springframework.beans.factory.Aware, org.springframework.context.MessageSourceAware, org.springframework.security.authentication.AuthenticationProvider

public final class Hotfix3960ActiveDirectoryLdapAuthenticationProvider
extends org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

This class is a copy of ActiveDirectoryLdapAuthenticationProvider of Spring Security, fixing issue #3960 since there's not upstream fix yet. Please remove this class as soon as possible when upstream fix is available. Upstream Issue: https://github.com/spring-projects/spring-security/issues/3960 See also in ZOE-Jira: http://jira.dm-drogeriemarkt.com/browse/ZOE-1661 FIXME: remove this class as soon as there's a fix for issue #3960 in Spring Security upstream!

Field Summary

Fields inherited from class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

logger, messages, userDetailsContextMapper

Constructor Summary

Constructors

Constructor and Description
Hotfix3960ActiveDirectoryLdapAuthenticationProvider(String domain, String url)
Hotfix3960ActiveDirectoryLdapAuthenticationProvider(String domain, String url, String rootDn)

Method Summary

Modifier and Type	Method and Description
protected org.springframework.ldap.core.DirContextOperations	doAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken auth)
protected Collection<? extends org.springframework.security.core.GrantedAuthority>	loadUserAuthorities(org.springframework.ldap.core.DirContextOperations userData, String username, String password) Creates the user authority list from the values of the memberOf attribute obtained from the user's Active Directory entry.
void	setConvertSubErrorCodesToExceptions(boolean convertSubErrorCodesToExceptions) By default, a failed authentication (LDAP error 49) will result in a BadCredentialsException.
void	setSearchFilter(String searchFilter) The LDAP filter string to search for the user being authenticated.

Methods inherited from class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

authenticate, createSuccessfulAuthentication, getUserDetailsContextMapper, setAuthoritiesMapper, setMessageSource, setUseAuthenticationRequestCredentials, setUserDetailsContextMapper, supports

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

Hotfix3960ActiveDirectoryLdapAuthenticationProvider

public Hotfix3960ActiveDirectoryLdapAuthenticationProvider(String domain,
                                                           String url,
                                                           String rootDn)

Parameters:

domain - the domain name (may be null or empty)

url - an LDAP url (or multiple URLs)

rootDn - the root DN (may be null or empty)

Hotfix3960ActiveDirectoryLdapAuthenticationProvider

public Hotfix3960ActiveDirectoryLdapAuthenticationProvider(String domain,
                                                           String url)

Parameters:

domain - the domain name (may be null or empty)

url - an LDAP url (or multiple URLs)

Method Detail

doAuthentication

protected org.springframework.ldap.core.DirContextOperations doAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken auth)

Specified by:

doAuthentication in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

loadUserAuthorities

protected Collection<? extends org.springframework.security.core.GrantedAuthority> loadUserAuthorities(org.springframework.ldap.core.DirContextOperations userData,
                                                                                                       String username,
                                                                                                       String password)

Creates the user authority list from the values of the memberOf attribute obtained from the user's Active Directory entry.

Specified by:

loadUserAuthorities in class org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider

setConvertSubErrorCodesToExceptions

public void setConvertSubErrorCodesToExceptions(boolean convertSubErrorCodesToExceptions)

By default, a failed authentication (LDAP error 49) will result in a BadCredentialsException.

If this property is set to true, the exception message from a failed bind attempt will be parsed for the AD-specific error code and a CredentialsExpiredException, DisabledException, AccountExpiredException or LockedException will be thrown for the corresponding codes. All other codes will result in the default BadCredentialsException.

Parameters:

convertSubErrorCodesToExceptions - true to raise an exception based on the AD error code.

setSearchFilter

public void setSearchFilter(String searchFilter)

The LDAP filter string to search for the user being authenticated. Occurrences of {0} are replaced with the username@domain.

Defaults to: (&(objectClass=user)(userPrincipalName= 0))}

Parameters:

searchFilter - the filter string

Since:

3.2.6