...
Notice the populator is no longer DefaultLdapAuthoritiesPopulator. Instead, we've defined NestedLdapAuthoritiesPopulator which subclasses DefaultLdapAuthoritiesPopulator and adds a mapping for extra roles. In the extraRolesMapping, the keys are child roles and the values are parent roles.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<bean id="populator" class="org.pentaho.platform.plugin.services.security.userrole.ldap.NestedLdapAuthoritiesPopulator">
<!-- omitted -->
<property name="extraRolesMapping">
<map>
<entry key="ceo" value="bireporting" />
<entry key="cto" value="bireporting" />
</map>
</property>
</bean>
|
...
If the roles that serve as "parents" to nested roles cannot be returned by a traditional all authorities search, you'll need to add the parents to the list returned by your existing all authorities search using a transformer. The ExtraRoles transformer handles this.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<bean id="allAuthoritiesSearch" class="org.pentaho.platform.plugin.services.security.userrole.ldap.search.GenericLdapSearch">
<!-- omitted -->
<constructor-arg index="2">
<bean class="org.apache.commons.collections.functors.ChainedTransformer">
<constructor-arg index="0">
<list>
<bean class="org.pentaho.platform.plugin.services.security.userrole.ldap.transform.SearchResultToAttrValueList">
<!-- omitted -->
</bean>
<bean class="org.pentaho.platform.plugin.services.security.userrole.ldap.transform.ExtraRoles">
<property name="extraRoles">
<set>
<value>bireporting</value>
</set>
</property>
</bean>
<bean class="org.pentaho.platform.plugin.services.security.userrole.ldap.transform.StringToGrantedAuthority">
<!-- omitted -->
</bean>
</list>
</constructor-arg>
</bean>
</constructor-arg>
</bean>
|
...