Thread: Is it possible to modify authentication authorities at authentication time?

  1. #1
    Join Date
    Aug 2010
    Location
    Broomfield, CO
    Posts
    20

    Is it possible to modify authentication authorities at authentication time?

    We're authenticating against LDAP and our Authentication object's GrantedAuthorities are correctly populating with a user's roles from our LDAP database.

    What I'd like to know is if there's a way to dynamically modify those roles (authorities) on the fly before the Authentication object is constructed (the only way GrantedAuthorities can be set on an Authentication object is at object construction time).

    I'm thinking there's got to be some class I can extend and register to execute this behavior, I just don't know what class and what method.

    Thanks.
    Last edited by icfantv; Sep 28th, 2012 at 09:42 AM. Reason: typo

  2. #2
    Join Date
    Dec 2008
    Location
    New York City
    Posts
    135

    Quote: Originally Posted by icfantv
    We're authenticating against LDAP and our Authentication object's GrantedAuthorities are correctly populating with a user's roles from our LDAP database.

    What I'd like to know is if there's a way to dynamically modify those roles (authorities) on the fly before the Authentication object is constructed (the only way GrantedAuthorities can be set on an Authentication object is at object construction time).

    I'm thinking there's got to be some class I can extend and register to execute this behavior, I just don't know what class and what method.

    Thanks.
    You need to wire in a custom UserDetailsService. That will allow you to update authorities with whatever you need.
    Andrew Thompson - Linked In

  3. #3
    Join Date
    Aug 2010
    Location
    Broomfield, CO
    Posts
    20

    Thanks for the reply. So would this mean using the user-details-class attribute on the <ldap-authentication-provider> element?

    I'm also seeing the option for a user-context-mapper-ref attribute and after looking at section 19.4.6 in the SS docs and the API, it's not clear because I see that I can set a context mapper on the LdapUserDetailsService, which I assume is the default UserDetailsService used when doing LDAP authentication barring no other wiring. If I'm reading section 19.4.6 correctly, I think the method I want to implement would be UserDetailsContextMapper.mapUserFromContext(DirContextOperations ctx, String username, Collection<GrantedAuthority> authorities).

    Thanks again.

  4. #4
    Join Date
    Dec 2008
    Location
    New York City
    Posts
    135

    That sounds correct.
    Andrew Thompson - Linked In
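
The mapper approach discussed in posts #3 and #4, as an added example that is not part of the original thread or the Spring Security project's own code: it extends the framework's LdapUserDetailsMapper and rewrites the LDAP-derived authorities before the UserDetails (and so the Authentication) is built. The class name, the role names, the `departmentNumber` attribute and its `audit` value are assumptions chosen for illustration; the signature shown is the `Collection<? extends GrantedAuthority>` form used by Spring Security 3.1 and later.

```java
import java.util.Collection;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;

/** Hypothetical mapper: adjusts authorities after LDAP authentication succeeds. */
public class RoleRewritingContextMapper extends LdapUserDetailsMapper {

    // Assumed mapping from directory-derived roles to application roles
    // (constructed sample values, not taken from the thread).
    private static final Map<String, String> ROLE_MAP = Map.of(
            "ROLE_LDAP_ADMINS", "ROLE_ADMIN",
            "ROLE_LDAP_STAFF", "ROLE_USER");

    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
            Collection<? extends GrantedAuthority> authorities) {
        Set<GrantedAuthority> mapped = new LinkedHashSet<>();

        // Deny by default: a directory role with no explicit mapping is dropped,
        // so a new LDAP group never grants application access by accident.
        for (GrantedAuthority authority : authorities) {
            String appRole = ROLE_MAP.get(authority.getAuthority());
            if (appRole != null) {
                mapped.add(new SimpleGrantedAuthority(appRole));
            }
        }

        // Derive an extra role from an attribute of the authenticated entry
        // (attribute name and value are assumptions).
        if ("audit".equalsIgnoreCase(ctx.getStringAttribute("departmentNumber"))) {
            mapped.add(new SimpleGrantedAuthority("ROLE_AUDITOR"));
        }

        // Let the stock mapper build the LdapUserDetails with the adjusted set.
        return super.mapUserFromContext(ctx, username, mapped);
    }
}
```

Declared as a bean, the class is referenced through the user-context-mapper-ref attribute on <ldap-authentication-provider> mentioned in post #3.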
