Question

I've got my Spring MVC application in which I use LDAP for authentication and a MySQL database for authorization. My ldap-config.xml file is below.

<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://myLdapServerIp" />
    <property name="base" value="ou=people,dc=company,dc=int" />
</bean>

<bean id="ldapAuthProvider"
    class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean
            class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <constructor-arg ref="contextSource" />
            <property name="userDnPatterns">
                <list>
                    <value>uid={0}</value>
                </list>
            </property>
        </bean>
    </constructor-arg>
    <constructor-arg>
        <bean id="authorities" class="com.package.security.MyLDAPAuthorities">
        </bean>
    </constructor-arg>
</bean>

<bean id="authenticationManager"
    class="org.springframework.security.authentication.ProviderManager">
    <constructor-arg ref="ldapAuthProvider" />
</bean>

And the MyLDAPAuthorities class simply gets the roles from the database.

import java.util.ArrayList;
import java.util.Collection;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.stereotype.Service;

@Service
public class MyLDAPAuthorities implements LdapAuthoritiesPopulator {

    @Autowired
    UserDao userDao;

    // Called by LdapAuthenticationProvider after a successful bind; roles come from MySQL, not from LDAP.
    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {

        User user = userDao.findUserByName(username);
        Collection<Role> userPermission = user.getRoles();
        Collection<MyGrantedAuthority> authorities = new ArrayList<>();
        for (Role r : userPermission) {
            authorities.add(new MyGrantedAuthority(r.getPk().getRole().toString()));
        }
        return authorities;
    }
}

This works fine, but I would like to add some other stuff from the database to the User (Principal?) bean and be able to use this data in my web application at any time. I suppose I should implement UserDetailsService and connect it with Spring, but although I read quite a lot, I don't know how to do it in my case. Maybe my approach is wrong and I should change it completely? Thanks in advance for any help or tips.


Solution

Your best bet is probably to follow the instructions in the manual on using a UserDetailsContextMapper with LDAP.

Since you want to call the database here, I would use a NullLdapAuthoritiesPopulator and just load all the data, including the user roles, in your UserDetailsContextMapper. That way you'll avoid having to make two database calls.
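One way to do what the answer describes, as an added example that is neither the asker's nor the answerer's code: a UserDetailsContextMapper that does the single MySQL lookup after the LDAP bind and returns a principal that carries the domain User, so controllers can read it later from the SecurityContext. It reuses the question's UserDao, User, Role and MyGrantedAuthority types; the class name, AppPrincipal, and the assumption that findUserByName returns null for unknown names are mine.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.stereotype.Service;

@Service
public class DbUserDetailsContextMapper implements UserDetailsContextMapper {
    @Autowired
    private UserDao userDao; // the question's DAO; assumed to return null for unknown names

    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
            Collection<? extends GrantedAuthority> authorities) {
        // Called only after the LDAP bind succeeded: one DB call loads roles and everything else.
        User user = userDao.findUserByName(username);
        if (user == null) {
            // Valid LDAP account with no application record: deny rather than build an empty principal.
            throw new UsernameNotFoundException("No application record for " + username);
        }
        // 'authorities' is empty when NullLdapAuthoritiesPopulator is configured.
        List<GrantedAuthority> roles = new ArrayList<>(authorities);
        for (Role r : user.getRoles()) {
            roles.add(new MyGrantedAuthority(r.getPk().getRole().toString()));
        }
        return new AppPrincipal(username, roles, user);
    }

    @Override
    public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
        throw new UnsupportedOperationException("Mapper is read-only; LDAP is never written to");
    }

    /** Principal placed in the SecurityContext; carries the domain User for later use. */
    public static class AppPrincipal extends org.springframework.security.core.userdetails.User {
        private final User domainUser;
        AppPrincipal(String username, Collection<? extends GrantedAuthority> auths, User domainUser) {
            super(username, "", auths); // no password is kept: LDAP already verified the bind
            this.domainUser = domainUser;
        }
        public User getDomainUser() { return domainUser; }
    }
}
```

Wire it by replacing the second constructor-arg of ldapAuthProvider with a NullLdapAuthoritiesPopulator bean and setting the provider's userDetailsContextMapper property to this bean; in a controller the extra data is then reachable via ((AppPrincipal) authentication.getPrincipal()).getDomainUser().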

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow