Spring Security - Retrieving Role of a User
I am using OpenDS for Authentication of my Application. I am able to Authenticate the user successfully but not able get the roles of the user. The following is the configuration in the XML file.....
<bean id="secondLdapProvider" 开发者_StackOverflow中文版class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="contextSource" />
<property name="userSearch">
<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0" value="ou=people"/>
<constructor-arg index="1" value="(uid={0})"/>
<constructor-arg index="2" ref="contextSource" />
</bean>
</property>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<constructor-arg ref="contextSource" />
<constructor-arg value="ou=groups" />
<property name="groupSearchFilter" value="(member={0})"/>
<property name="rolePrefix" value="ROLE_"/>
<property name="searchSubtree" value="true"/>
<property name="convertToUpperCase" value="true"/>
</bean>
</constructor-arg>
</bean>
Please help me to get the roles.
Collection<? extends GrantedAuthority> roles = SecurityContextHolder.getContext().getAuthentication().getAuthorities();
That will return you the roles ("authorities") as found by the DefaultLdapAuthoritiesPopulator
The search-filter is "(member={0})" in ou "groups", ie roles are retrieved by searching for entries in the "groups" ou with a "member" attribute with value matching the users dn. In your example ldif in the comment below, it looks like you use "uniqueMember" instead of "member" as your group membership attribute,
If you read the documentation carefully (http://static.springsource.org/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.html) you'll see examples of ldif and how the different attributes map in the populator.
精彩评论