How to modify Authority after loading it from LDAP

[javabuddy_spring]

Hi,

I would like to add few more authority and access related stuff once authentication is successful from LDAP. i am using spring security for LDAP authentication and loading authority. is there any way I can modify or add something in Authorities after successful login.

Thanks

[dstine]

We did this with a custom LdapUserDetailsMapper:


public class CustomUserDetailsMapper extends LdapUserDetailsMapper
{
@Override
public UserDetails mapUserFromContext( DirContextOperations ctx, String username, Collection<GrantedAuthority> authority )
{
UserDetails originalUser = super.mapUserFromContext( ctx, username, authority );

// Current authorities come from LDAP groups

List<String> newAuthorities = // TODO

Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
for ( String authority : newAuthorities )
{
authorities.add( new GrantedAuthorityImpl( authority ) );
}

User newUser =
new User(
originalUser.getUsername(),
originalUser.getPassword(),
originalUser.isEnabled(),
originalUser.isAccountNonExpired(),
originalUser.isCredentialsNonExpired(),
originalUser.isAccountNonLocked(),
authorities );

return newUser;
}
}


In Spring security context XML, set the user-context-mapper (other attributes may vary):


<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"

...

<beans:bean id="customUserContextMapper" class="com.mycompany.myproject.CustomUserDetailsMa pper"/>

<authentication-manager>
<ldap-authentication-provider
user-dn-pattern="cn={0},cn=users,dc=mycompany,dc=com"
user-search-base="cn=users,dc=mycompany,dc=com"
user-search-filter="(uid={0})"
user-context-mapper-ref="customUserContextMapper"
/>
</authentication-manager>

[javabuddy_spring]

Looks great, thanks for your code example , I am going to try this method and let you know if it works for me. Any consideration while copying UserDetails ?