Note: For 2.x, you need to use the two classes (NestedLdapAuthoritiesPopulator and ExtraRoles) in a JAR attached to this page. Also note that for 2.x, the package names for NestedLdapAuthoritiesPopulator and ExtraRoles differ from the package names shown here. For 3.x, the classes are included in the distribution.

Describing the Nesting

Notice the populator is no longer DefaultLdapAuthoritiesPopulator. Instead, we've defined NestedLdapAuthoritiesPopulator which subclasses DefaultLdapAuthoritiesPopulator and adds a mapping for extra roles. In the extraRolesMapping, the keys are child roles and the values are parent roles.

applicationContext-acegi-security-ldap.xml
<bean id="populator" class="org.pentaho.platform.plugin.services.security.userrole.ldap.NestedLdapAuthoritiesPopulator">
  <!-- omitted -->
  <property name="extraRolesMapping">
    <map>
      <entry key="ceo" value="bireporting" />
      <entry key="cto" value="bireporting" />
    </map>
  </property>
</bean>

All Authorities Search

If the roles that serve as "parents" to nested roles cannot be returned by a traditional all authorities search, you'll need to add the parents to the list returned by your existing all authorities search using a transformer. The ExtraRoles transformer handles this.

applicationContext-pentaho-security-ldap.xml
<bean id="allAuthoritiesSearch" class="org.pentaho.platform.plugin.services.security.userrole.ldap.search.GenericLdapSearch">
  <!-- omitted -->
  <constructor-arg index="2">
    <bean class="org.apache.commons.collections.functors.ChainedTransformer">
      <constructor-arg index="0">
        <list>
          <bean class="org.pentaho.platform.plugin.services.security.userrole.ldap.transform.SearchResultToAttrValueList">
            <!-- omitted -->
          </bean>
          <bean class="org.pentaho.platform.plugin.services.security.userrole.ldap.transform.ExtraRoles">
            <property name="extraRoles">
              <set>
                <value>bireporting</value>
              </set>
            </property>
          </bean>
          <bean class="org.pentaho.platform.plugin.services.security.userrole.ldap.transform.StringToGrantedAuthority">
            <!-- omitted -->
          </bean>
        </list>
      </constructor-arg>
    </bean>
  </constructor-arg>
</bean>
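
An added example, not part of the original page or the Pentaho distribution: a Python check that reads the two bean definitions and reports which child roles implicitly gain each parent role, and which parent roles are absent from the ExtraRoles set. The sample XML is constructed, the function names are hypothetical, and a single level of nesting (child to parent, as described above) is assumed.

```python
import xml.etree.ElementTree as ET

# Constructed sample config modelled on the snippets above; the cfo/finance
# entry is made up for this example so that the audit has something to report.
POPULATOR_XML = """<beans><bean id="populator">
  <property name="extraRolesMapping"><map>
    <entry key="ceo" value="bireporting" />
    <entry key="cto" value="bireporting" />
    <entry key="cfo" value="finance" />
  </map></property>
</bean></beans>"""
SEARCH_XML = """<beans><bean id="allAuthoritiesSearch">
  <property name="extraRoles"><set>
    <value>bireporting</value>
  </set></property>
</bean></beans>"""

def _local(tag):
    # Drop an XML namespace prefix such as {http://...}bean if one is present.
    return tag.rsplit("}", 1)[-1]

def _property(xml_text, name):
    # Find <property name="..."> at any nesting depth (inner beans included).
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) == "property" and el.get("name") == name:
            return el
    return None

def parent_to_children(populator_xml):
    """Invert extraRolesMapping: parent role -> child roles that gain it."""
    grants = {}
    prop = _property(populator_xml, "extraRolesMapping")
    for el in (prop.iter() if prop is not None else []):
        if _local(el.tag) == "entry":
            grants.setdefault(el.get("value"), set()).add(el.get("key"))
    return grants

def extra_roles(search_xml):
    """Roles the ExtraRoles transformer appends to the all authorities list."""
    prop = _property(search_xml, "extraRoles")
    found = prop.iter() if prop is not None else []
    return {el.text.strip() for el in found if _local(el.tag) == "value" and el.text}

def audit(populator_xml, search_xml):
    grants, listed = parent_to_children(populator_xml), extra_roles(search_xml)
    return {
        "grants": grants,  # review: who inherits each parent role
        "parents_not_in_extraRoles": set(grants) - listed,
        "extraRoles_without_children": listed - set(grants),
    }
```

A parent reported under `parents_not_in_extraRoles` is only a problem if the LDAP all authorities search does not already return it.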

References

http://forum.springframework.org/showthread.php?t=28007