
I am using OpenDS for authentication of my application. I am able to authenticate the user successfully, but not able to get the roles of the user. The following is the configuration in the XML file:

<bean id="secondLdapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource" />
            <property name="userSearch">
                <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                    <constructor-arg index="0" value="ou=people"/>
                    <constructor-arg index="1" value="(uid={0})"/>
                    <constructor-arg index="2" ref="contextSource" />
                </bean>
            </property>
        </bean>
    </constructor-arg>
    <constructor-arg>
        <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
            <constructor-arg ref="contextSource" />
            <constructor-arg value="ou=groups" />
            <property name="groupSearchFilter" value="(member={0})"/>
            <property name="rolePrefix" value="ROLE_"/>
            <property name="searchSubtree" value="true"/>
            <property name="convertToUpperCase" value="true"/>
        </bean>
    </constructor-arg>
</bean>

Please help me to get the roles.


1 Answer

 Collection<? extends GrantedAuthority> roles = SecurityContextHolder.getContext().getAuthentication().getAuthorities();

That will return the roles ("authorities") as found by the DefaultLdapAuthoritiesPopulator.

The search filter is "(member={0})" in ou "groups", i.e. roles are retrieved by searching for entries in the "groups" ou with a "member" attribute whose value matches the user's DN. In the example LDIF in your comment below, it looks like you use "uniqueMember" instead of "member" as your group membership attribute.

If you read the documentation carefully (http://static.springsource.org/spring-security/site/docs/3.1.x/apidocs/org/springframework/security/ldap/userdetails/DefaultLdapAuthoritiesPopulator.html) you'll see examples of LDIF and how the different attributes map in the populator.

pap
  • Yes, but I am not getting any roles when I check the length of the list. The following is the LDIF from OpenDS for the role which the user has:

    dn: cn=role1,ou=Groups,dc=anil,dc=com
    cn: role1
    objectClass: top
    objectClass: groupOfUniqueNames
    uniqueMember: uid=user.2,ou=People,dc=anil,dc=com
    uniqueMember: uid=user1,ou=People,dc=anil,dc=com

    Here role1 is given to user1, but when I tried to get the roles for user1 it is not returning any roles. I feel I am missing some config params in the XML. –  Sep 21 '11 at 03:58
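The answer points at the mismatch between the configured filter "(member={0})" and the "uniqueMember" attribute that a groupOfUniqueNames entry actually carries. The following is an added example, not code from the question, the answer or the Spring Security project: it wires the same BindAuthenticator and DefaultLdapAuthoritiesPopulator in Java instead of XML, with the group search filter changed to "(uniqueMember={0})", and then authenticates one user and lists the authorities returned. The server URL, the base DN, the account name and its password are assumed values; the base DN follows the LDIF shown in the comment.

```java
// Added example (not from the question, the answer or the Spring Security project):
// programmatic equivalent of the question's XML wiring, with the group search
// filter corrected for groupOfUniqueNames entries. LDAP URL, base DN and the
// test credentials are assumptions.
import java.util.Collection;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

public class LdapRoleCheck {

    // Assumed: OpenDS listening locally; base DN taken from the LDIF in the comment.
    private static final String LDAP_URL = "ldap://localhost:389/dc=anil,dc=com";

    static LdapAuthenticationProvider buildProvider() throws Exception {
        DefaultSpringSecurityContextSource contextSource =
                new DefaultSpringSecurityContextSource(LDAP_URL);
        // Searches run as an anonymous bind here; call setUserDn/setPassword on the
        // context source if the directory does not permit anonymous search.
        contextSource.afterPropertiesSet();

        // Same user lookup as the question: (uid={0}) under ou=people.
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserSearch(
                new FilterBasedLdapUserSearch("ou=people", "(uid={0})", contextSource));

        // The fix: groupOfUniqueNames stores its members in uniqueMember, not member.
        // {0} is replaced with the full DN of the user that just authenticated.
        DefaultLdapAuthoritiesPopulator populator =
                new DefaultLdapAuthoritiesPopulator(contextSource, "ou=groups");
        populator.setGroupSearchFilter("(uniqueMember={0})");
        populator.setGroupRoleAttribute("cn");   // role name is taken from the group's cn
        populator.setRolePrefix("ROLE_");
        populator.setSearchSubtree(true);
        populator.setConvertToUpperCase(true);   // cn=role1 becomes ROLE_ROLE1

        return new LdapAuthenticationProvider(authenticator, populator);
    }

    public static void main(String[] args) throws Exception {
        LdapAuthenticationProvider provider = buildProvider();

        // Assumed test account and password.
        Authentication auth = provider.authenticate(
                new UsernamePasswordAuthenticationToken("user1", "password"));

        Collection<? extends GrantedAuthority> roles = auth.getAuthorities();
        if (roles.isEmpty()) {
            // Authentication succeeded but no group entry matched the filter:
            // check the membership attribute name and the group search base.
            System.out.println("no groups matched the filter for " + auth.getName());
        }
        for (GrantedAuthority role : roles) {
            System.out.println(role.getAuthority());
        }
    }
}
```

With the LDIF from the comment, the search under ou=groups for "(uniqueMember=uid=user1,ou=People,dc=anil,dc=com)" matches cn=role1, so the populator returns ROLE_ROLE1 for user1; with the original "(member={0})" filter the same search matches nothing, which is exactly the empty list the comment reports. The equivalent one-line change in the question's XML is to set the groupSearchFilter property to "(uniqueMember={0})".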