Examples of org.springframework.security.ldap.SpringSecurityLdapTemplate

• org.springframework.security.ldap.SpringSecurityLdapTemplate
  Extension of Spring LDAP's LdapTemplate class which adds extra functionality required by Spring Security. @author Ben Alex @author Luke Taylor @author Filip Hanik @since 2.0

    public DirContextOperations searchForUser(String username) {
        if (logger.isDebugEnabled()) {
            logger.debug("Searching for user '" + username + "', with user search " + this);
        }

        SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(contextSource);

        template.setSearchControls(searchControls);

        try {

            return template.searchForSingleEntry(searchBase, searchFilter, new String[] {username});

        } catch (IncorrectResultSizeDataAccessException notFound) {
            if (notFound.getActualSize() == 0) {
                throw new UsernameNotFoundException("User " + username + " not found in directory.", username);
            }

        DirContextOperations user = null;
        String username = authentication.getName();
        String password = (String)authentication.getCredentials();

        SpringSecurityLdapTemplate ldapTemplate = new SpringSecurityLdapTemplate(getContextSource());

        for (String userDn : getUserDns(username)) {
            try {
                user = ldapTemplate.retrieveEntry(userDn, getUserAttributes());
            } catch (NameNotFoundException ignore) {
            }
            if (user != null) {
                break;
            }

     * @param groupSearchBase          if this is an empty string the search will be performed from the root DN of the
     *                                 context factory. If null, no search will be performed.
     */
    public DefaultLdapAuthoritiesPopulator(ContextSource contextSource, String groupSearchBase) {
        Assert.notNull(contextSource, "contextSource must not be null");
        ldapTemplate = new SpringSecurityLdapTemplate(contextSource);
        getLdapTemplate().setSearchControls(getSearchControls());
        this.groupSearchBase = groupSearchBase;

        if (groupSearchBase == null) {
            logger.info("groupSearchBase is null. No group search will be performed.");

    private SpringSecurityLdapTemplate template;

    @Before
    public void setUp() throws Exception {
        mgr = new LdapUserDetailsManager(getContextSource());
        template = new SpringSecurityLdapTemplate(getContextSource());
        DirContextAdapter ctx = new DirContextAdapter();

        ctx.setAttributeValue("objectclass", "organizationalUnit");
        ctx.setAttributeValue("ou", "test people");
        template.bind("ou=test people", ctx, null);

    mapper.setTokenName( "cn" ); //$NON-NLS-1$
    mapper.setRolePrefix( "" ); //$NON-NLS-1$
    mapper.setRoleAttributes( new String[] { "uniqueMember" } ); //$NON-NLS-1$

    // get the user record
    DirContextOperations ctx = new SpringSecurityLdapTemplate( getContextSource() ).retrieveEntry( "uid=suzy,ou=users", //$NON-NLS-1$
        null );

    // get any roles that aren't in the user record
    Set<String> extraRoles =
        new SpringSecurityLdapTemplate( getContextSource() ).searchForSingleAttributeValues(
            "ou=roles", "roleoccupant={0}", new String[] { "uid=suzy,ou=users,dc=pentaho,dc=org", "suzy" }, "cn" ); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$ //$NON-NLS-5$

    GrantedAuthority[] authorities = new GrantedAuthority[extraRoles.size()];
    int i = 0;
    for ( String extraRole : extraRoles ) {

    unionizer.setPopulators( populators );

    unionizer.afterPropertiesSet();

    // get the user record
    DirContextOperations ctx = new SpringSecurityLdapTemplate( getContextSource() ).retrieveEntry( "uid=suzy,ou=users", //$NON-NLS-1$
        null );

    GrantedAuthority[] auths = unionizer.getGrantedAuthorities( ctx, "suzy" ); //$NON-NLS-1$

    assertTrue( null != auths && auths.length > 0 );

     * @param groupSearchBase          if this is an empty string the search will be performed from the root DN of the
     *                                 context factory.
     */
    public DefaultLdapAuthoritiesPopulator(ContextSource contextSource, String groupSearchBase) {
        Assert.notNull(contextSource, "contextSource must not be null");
        ldapTemplate = new SpringSecurityLdapTemplate(contextSource);
        ldapTemplate.setSearchControls(searchControls);
        setGroupSearchBase(groupSearchBase);
    }

        DirContextOperations user = null;
        String username = authentication.getName();
        String password = (String)authentication.getCredentials();

        SpringSecurityLdapTemplate ldapTemplate = new SpringSecurityLdapTemplate(getContextSource());

        for (String userDn : getUserDns(username)) {
            try {
                user = ldapTemplate.retrieveEntry(userDn, getUserAttributes());
            } catch (NameNotFoundException ignore) {
            }
            if (user != null) {
                break;
            }
        }

        if (user == null && getUserSearch() != null) {
            user = getUserSearch().searchForUser(username);
        }

        if (user == null) {
            throw new UsernameNotFoundException("User not found: " + username, username);
        }

        if (logger.isDebugEnabled()) {
            logger.debug("Performing LDAP compare of password attribute '" + passwordAttributeName + "' for user '" +
                    user.getDn() +"'");
        }

        String encodedPassword = passwordEncoder.encodePassword(password, null);
        byte[] passwordBytes = LdapUtils.getUtf8Bytes(encodedPassword);

        if (!ldapTemplate.compare(user.getDn().toString(), passwordAttributeName, passwordBytes)) {
            throw new BadCredentialsException(messages.getMessage("PasswordComparisonAuthenticator.badCredentials",
                    "Bad credentials"));
        }

        return user;

    public DirContextOperations searchForUser(String username) {
        if (logger.isDebugEnabled()) {
            logger.debug("Searching for user '" + username + "', with user search " + this);
        }

        SpringSecurityLdapTemplate template = new SpringSecurityLdapTemplate(contextSource);

        template.setSearchControls(searchControls);

        try {

            return template.searchForSingleEntry(searchBase, searchFilter, new String[] {username});

        } catch (IncorrectResultSizeDataAccessException notFound) {
            if (notFound.getActualSize() == 0) {
                throw new UsernameNotFoundException("User " + username + " not found in directory.", username);
            }

     * @param template
     * @return
     */
    public static SpringSecurityLdapTemplate getLdapTemplateInContext(
            final DirContext ctx,final SpringSecurityLdapTemplate template) {
        SpringSecurityLdapTemplate authTemplate;
        if (ctx == null) {
            authTemplate = template;
            ((AbstractContextSource)authTemplate.getContextSource()).setAnonymousReadOnly(true);
        } else {
            // if we have the authenticated context we build a new LdapTemplate
            // using it
            authTemplate = new SpringSecurityLdapTemplate(new ContextSource() {

                @Override
                public DirContext getReadOnlyContext() throws NamingException {
                    return ctx;
                }