Sep 27th, 2012, 09:25 AM
Is it possible to modify authentication authorities at authentication time?
We're authenticating against LDAP and our Authentication object's GrantedAuthorities are correctly populating with a user's roles from our LDAP database.
What I'd like to know is if there's a way to dynamically modify those roles (authorities) on the fly before the Authentication object is constructed (the only way GrantedAuthorities can be set on an Authentication object is at object construction time).
I'm thinking there's got to be some class I can extend and register to execute this behavior, I just don't know what class and what method.
Last edited by icfantv; Sep 28th, 2012 at 09:42 AM.
Oct 1st, 2012, 06:09 PM
You need to wire in a custom UserDetailsService. That will allow you to update authorities with whatever you need.
Oct 1st, 2012, 06:30 PM
Thanks for the reply. So would this mean using the user-details-class attribute on the <ldap-authentication-provider> element?
I'm also seeing the option for a user-context-mapper-ref attribute and after looking at section 19.4.6 in the SS docs and the API, it's not clear because I see that I can set a context mapper on the LdapUserDetailsService, which I assume is the default UserDetailsService used when doing LDAP authentication barring no other wiring. If I'm reading section 19.4.6 correctly, I think the method I want to implement would be UserDetailsContextMapper.mapUserFromContext(DirContextOperations ctx, String username, Collection<GrantedAuthority> authorities).
Oct 1st, 2012, 06:48 PM