
Untitled

a guest
Mar 20th, 2018
  1. <ldap-server url="ldap://host/dn"
  2. manager-dn="cn=someuser"
  3. manager-password="somepass" />
  4. <authentication-manager>
  5. <ldap-authentication-provider user-search-filter="(samaccountname={0})"/>
  6. </authentication-manager>
  7.  
  8. <bean id="ldapAuthProvider"
  9. class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
  10. <constructor-arg>
  11. <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
  12. <constructor-arg ref="contextSource"/>
  13. <property name="userDnPatterns">
  14. <list><value>uid={0},ou=people</value></list>
  15. </property>
  16. </bean>
  17. </constructor-arg>
  18. <constructor-arg>
  19. <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
  20. <constructor-arg ref="contextSource"/>
  21. <constructor-arg value="ou=groups"/>
  22. <property name="groupRoleAttribute" value="ou"/>
  23. </bean>
  24. </constructor-arg>
  25. </bean>
  26.  
  27. <authentication-manager>
  28. <authentication-provider ref='ldapAuthProvider'/>
  29. </authentication-manager>
  30.  
  31. <bean id="contextSource"
  32. class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  33. <constructor-arg value="ldaps://url/dc=mock,dc=com" />
  34. <property name="userDn" value="cn=username,ou=People,dc=mock,dc=com" />
  35. <property name="password" value="password" />
  36. </bean>
  37.  
  38. <bean id="ldapAuthProvider"
  39. class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  40. <constructor-arg>
  41. <bean
  42. class="org.springframework.security.ldap.authentication.BindAuthenticator">
  43. <constructor-arg ref="contextSource" />
  44. <property name="userDnPatterns">
  45. <list>
  46. <value>uid={0},ou=People</value>
  47. </list>
  48. </property>
  49. </bean>
  50. </constructor-arg>
  51. <constructor-arg>
  52. <bean
  53. class="com.mock.MyCustomAuthoritiesPopulator">
  54. </bean>
  55. </constructor-arg>
  56. </bean>
  57.  
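/**
 * Authorities populator that does not consult the directory: every user who
 * has authenticated against LDAP receives the single authority
 * {@code ROLE_USER}.
 *
 * <p>NOTE(review): with this populator a successful bind is the only access
 * decision LDAP contributes. Group membership in the directory has no effect
 * on the roles granted, so any finer-grained authorisation must be enforced
 * elsewhere.
 */
public class MyCustomAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    /**
     * Returns the fixed authority set for an authenticated user.
     *
     * @param userData the user's directory entry (not consulted)
     * @param username the login name (not consulted)
     * @return a new mutable collection containing only {@code ROLE_USER}
     */
    @Override
    public Collection<GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {
        ArrayList<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        // The pasted line opened two parentheses and closed one, so it did
        // not compile; a single pair around the argument is all that is needed.
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        return authorities;
    }
}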
  66.  
  67. <authentication-manager>
  68. <ldap-authentication-provider
  69. user-search-filter="sAMAccountName={0}"
  70. user-search-base="OU=Users"
  71. group-search-filter="(&(objectclass=group)(member={0}))"
  72. group-search-base="OU=Groups"
  73. user-context-mapper-ref="customUserContextMapper" />
  74. </authentication-manager>
  75.  
  76. <ldap-server url="ldap://url:389/DC=mock,DC=com"
  77. manager-dn="manager"
  78. manager-password="pass" />
  79.  
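/**
 * Variant that keeps the stock group-based populator and contributes
 * {@code ROLE_USER} through the {@code getAdditionalRoles} extension hook.
 *
 * <p>NOTE(review): the original paste shows no constructor and stops before
 * the class's closing brace. Elsewhere on this page the superclass is
 * constructed with a context source and a group search base, so this subclass
 * presumably needs a constructor that passes those on - TODO add and confirm.
 */
public class MyCustomAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator {

    /**
     * Supplies the extra authority granted to every authenticated user.
     *
     * @param user     the user's directory entry (not consulted)
     * @param username the login name (not consulted)
     * @return a new set containing only {@code ROLE_USER}
     */
    @Override
    protected Set<GrantedAuthority> getAdditionalRoles(
            DirContextOperations user, String username) {
        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        // The pasted line opened two parentheses and closed one, so it did
        // not compile; a single pair around the argument is all that is needed.
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        return authorities;
    }
}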
  90.  
<!-- The provider's attributes are elided ("...") in the original paste, so
     this fragment is a placeholder and not well-formed XML as written. -->
<authentication-manager>
  <ldap-authentication-provider... />
</authentication-manager>
  94.  
  95. <ldap-server id="ldapServer" url="${ldap.url}" manager-dn="${ldap.manager.dn}" manager-password="${ldap.manager.password}"/>
  96.  
  97. <authentication-manager>
  98. <ldap-authentication-provider user-search-filter="${ldap.userSearch.filter}" user-search-base="${ldap.searchBase}"
  99. group-search-base="${ldap.groupSearchBase}"/>
  100. </authentication-manager>
  101.  
  102. package com.example.access.ldap;
  103.  
  104. import java.util.Collection;
  105.  
  106. import org.springframework.security.core.GrantedAuthority;
  107. import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
  108. import org.springframework.stereotype.Component;
  109.  
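/**
 * Application-specific {@link GrantedAuthoritiesMapper}, registered as a
 * Spring component.
 *
 * <p>On this page, {@code AuthenticationProviderPostProcessor} injects a
 * {@code GrantedAuthoritiesMapper} into each LDAP authentication provider, so
 * the collection returned here is what those providers are handed as the
 * mapped authorities.
 *
 * <p>NOTE(review): the mapping logic is elided in the original paste. Whatever
 * it does, this is the point where directory-derived authorities become
 * application roles, so it should return only roles it explicitly recognises.
 */
@Component
public class UserGrantedAuthoritiesMapper implements GrantedAuthoritiesMapper {

    /**
     * Maps the authorities obtained during authentication to application roles.
     *
     * @param authorities the authorities supplied by the authentication provider
     * @return the mapped authorities
     */
    @Override
    public Collection<? extends GrantedAuthority> mapAuthorities(
            final Collection<? extends GrantedAuthority> authorities) {
        // ... mapping logic elided in the original paste; it has to define
        // the 'roles' collection returned below.
        return roles;
    }
}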
  118.  
  119. package com.example.access.ldap;
  120.  
  121. import org.springframework.beans.BeansException;
  122. import org.springframework.beans.factory.annotation.Autowired;
  123. import org.springframework.beans.factory.config.BeanPostProcessor;
  124. import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
  125. import org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider;
  126. import org.springframework.stereotype.Component;
  127.  
/**
 * Bean post-processor that installs the application's
 * {@link GrantedAuthoritiesMapper} on every bean that is an
 * {@link AbstractLdapAuthenticationProvider}.
 *
 * <p>All other beans pass through untouched. Because the mapper is applied to
 * every LDAP provider in the context, it is the single place where the
 * authorities those providers obtain are translated for the application.
 */
@Component
public class AuthenticationProviderPostProcessor implements BeanPostProcessor {

    /** Mapper handed to each LDAP provider; injected by type. */
    @Autowired
    private GrantedAuthoritiesMapper grantedAuthoritiesMapper;

    /**
     * Leaves the bean unchanged before initialization.
     *
     * @param bean     the bean instance
     * @param beanName the bean's name (unused)
     * @return the same {@code bean}
     */
    @Override
    public Object postProcessBeforeInitialization(Object bean, String beanName)
            throws BeansException {
        return bean;
    }

    /**
     * Attaches the authorities mapper when the initialized bean is an LDAP
     * authentication provider.
     *
     * @param bean     the bean instance, possibly {@code null}
     * @param beanName the bean's name (unused)
     * @return the same {@code bean}
     */
    @Override
    public Object postProcessAfterInitialization(Object bean, String beanName)
            throws BeansException {
        // instanceof is false for null, so it covers the null case as well.
        if (!(bean instanceof AbstractLdapAuthenticationProvider)) {
            return bean;
        }
        setProviderAuthoritiesMapper((AbstractLdapAuthenticationProvider) bean);
        return bean;
    }

    /**
     * Sets the injected mapper on the given provider; does nothing for
     * {@code null}.
     *
     * @param authenticationProvider the provider to configure
     */
    protected void setProviderAuthoritiesMapper(AbstractLdapAuthenticationProvider authenticationProvider) {
        if (authenticationProvider == null) {
            return;
        }
        authenticationProvider.setAuthoritiesMapper(grantedAuthoritiesMapper);
    }
}