Do we need to write CustomActiveDirectoryLdapAuthenticationProvider if we want to get user details from ActiveDirectory

后端 未结 1 1864
深忆病人
深忆病人 2021-01-23 12:35

If we need to get User attributes from ActiveDirectory like name, sn etc. can\'t we configure using Specialized LDAP authentication provider which uses Active Directory configur

相关标签:
1条回答
  • 2021-01-23 13:13

    You do not. Spring Security comes with an UserDetailsContextMapper interface

    /**
     * Creates a fully populated UserDetails object for use by the security framework.
     *
     * @param ctx the context object which contains the user information.
     * @param username the user's supplied login name.
     * @param authorities
     * @return the user object.
     */
    UserDetails mapUserFromContext(DirContextOperations ctx, String username,
            Collection<? extends GrantedAuthority> authorities);
    

    The default implementation, LdapUserDetailsMapper

    Currently only maps the groups returned by the search.

    // Map the roles
    for (int i = 0; (this.roleAttributes != null)
            && (i < this.roleAttributes.length); i++) {
        String[] rolesForAttribute = ctx.getStringAttributes(this.roleAttributes[i]);
    
        if (rolesForAttribute == null) {
            this.logger.debug("Couldn't read role attribute '"
                    + this.roleAttributes[i] + "' for user " + dn);
            continue;
        }
            for (String role : rolesForAttribute) {
            GrantedAuthority authority = createAuthority(role);
                if (authority != null) {
                essence.addAuthority(authority);
            }
        }
    }
    

    However, implementing your own UserDetailsMapper you can retrieve any and all records that come back from LDAP.

    You just decide what attribute you wish to fetch

    Object attribute = ctx.getObjectAttribute("some-ldap-attribute");
    

    This is how you would fetch custom values during an authentication event.

    If you want to just query and search and fetch data from the LDAP directory you can leverage the SpringSecurityLdapTemplate

    It aims to mimic what RestTemplate does for HTTP but for LDAP.

    0 讨论(0)
提交回复
热议问题