Comment: Migration of unmigrated content due to installation of a new plugin

...

Acegi Security doesn't provide an LDAP-based UserDetailsService, so the platform filled that gap with LdapUserDetailsService. LdapUserDetailsService uses an LdapUserSearch, an LdapAuthoritiesPopulator, and an optional LdapUserDetailsMapper. These are highly specialized classes whose purposes are, respectively, to find a user record, to find the roles of that user, and to map the attributes of the user record into a UserDetails instance.

Include Page
ServerDoc2x:LDAP Search Filter Tip IncludeServerDoc2x:
LDAP Search Filter Tip Include

...

Note: Why are constructor-arg elements used? Why not call property setters instead? The reason for this is that the only way to set some of the properties in the example below is to pass those properties in during object creation. This enforces the policy that these properties should be set once and never changed.

Include Page
ServerDoc2x:LDAP Search Filter Tip IncludeServerDoc2x:
LDAP Search Filter Tip Include

...

Code Block (xml): applicationContext-pentaho-security-ldap.xml
<!--
  Search bean wired into ldapUserRoleListService as allUsernamesSearch.
  Be sure to escape ampersands: an LDAP filter written with & has to appear
  as &amp; inside the XML attribute value, otherwise this file is not
  well-formed XML.
  NOTE(review): initialDirContextFactory is defined outside this listing; the
  account it binds with should need no more than read/search access to the
  entries queried here. Confirm against the directory ACLs.
-->
<bean id="allUsernamesSearch"
  class="org.pentaho.platform.plugin.services.security.userrole.ldap.search.GenericLdapSearch">
  <constructor-arg index="0" ref="initialDirContextFactory" />
  <!-- presumably the search base (index 0) and the search filter (index 1); confirm -->
  <constructor-arg index="1">
    <bean
      class="org.pentaho.platform.plugin.services.security.userrole.ldap.search.LdapSearchParamsFactoryImpl">
      <constructor-arg index="0" value="ou=users" />
      <constructor-arg index="1" value="objectClass=Person" />
    </bean>
  </constructor-arg>
  <!-- presumably reduces each search result to the values of its uid attribute; confirm -->
  <constructor-arg index="2">
    <bean
      class="org.pentaho.platform.plugin.services.security.userrole.ldap.transform.SearchResultToAttrValueList">
      <constructor-arg index="0" value="uid" />
    </bean>
  </constructor-arg>
</bean>

<!--
  Search bean wired into ldapUserRoleListService as allAuthoritiesSearch.
  Be sure to escape ampersands: an LDAP filter written with & has to appear
  as &amp; inside the XML attribute value, otherwise this file is not
  well-formed XML.
-->
<bean id="allAuthoritiesSearch"
  class="org.pentaho.platform.plugin.services.security.userrole.ldap.search.GenericLdapSearch">
  <constructor-arg index="0" ref="initialDirContextFactory" />
  <!-- presumably the search base (index 0) and the search filter (index 1); confirm -->
  <constructor-arg index="1">
    <bean
      class="org.pentaho.platform.plugin.services.security.userrole.ldap.search.LdapSearchParamsFactoryImpl">
      <constructor-arg index="0" value="ou=roles" />
      <constructor-arg index="1" value="objectClass=organizationalRole" />
    </bean>
  </constructor-arg>
  <!-- ChainedTransformer applies the transformers in the list below in the order given -->
  <constructor-arg index="2">
    <bean
      class="org.apache.commons.collections.functors.ChainedTransformer">
      <constructor-arg index="0">
        <list>
          <!-- step 1: presumably reduces each search result to the values of its cn attribute; confirm -->
          <bean
            class="org.pentaho.platform.plugin.services.security.userrole.ldap.transform.SearchResultToAttrValueList">
            <constructor-arg index="0" value="cn" />
          </bean>
          <!--
            step 2: turns each string into a granted authority. With an empty
            rolePrefix and convertToUpperCase set to false the role name is
            presumably the cn value unchanged.
            NOTE(review): keep these two settings in line with the
            LdapAuthoritiesPopulator used at login; if prefix or case differ,
            the roles listed here would not match the roles granted to users.
            Confirm against that bean.
          -->
          <bean
            class="org.pentaho.platform.plugin.services.security.userrole.ldap.transform.StringToGrantedAuthority">
            <property name="rolePrefix" value="" />
            <property name="convertToUpperCase" value="false" />
          </bean>
        </list>
      </constructor-arg>
    </bean>
  </constructor-arg>
</bean>

<!--
  Not currently used. The bean is still referenced by the
  usernamesInRoleSearch property of ldapUserRoleListService, so the
  definition has to stay in this file.
-->
<bean id="usernamesInRoleSearch"
  class="org.pentaho.platform.plugin.services.security.userrole.ldap.search.NoOpLdapSearch" />

<!--
  Wires the three search beans of this file, the userDetailsService and two
  comparators into DefaultLdapUserRoleListService. It uses the same
  initialDirContextFactory as the search beans.
-->
<bean id="ldapUserRoleListService"
  class="org.pentaho.platform.plugin.services.security.userrole.ldap.DefaultLdapUserRoleListService">
  <constructor-arg index="0" ref="initialDirContextFactory" />
  <!-- ref local: the target bean id has to be defined in this same XML file -->
  <property name="allAuthoritiesSearch">
    <ref local="allAuthoritiesSearch" />
  </property>
  <property name="allUsernamesSearch">
    <ref local="allUsernamesSearch" />
  </property>
  <!-- ref bean: userDetailsService is not defined in this listing and may come from another context file -->
  <property name="userDetailsService">
    <ref bean="userDetailsService" />
  </property>
  <property name="usernamesInRoleSearch">
    <ref local="usernamesInRoleSearch" />
  </property>
  <!-- presumably fix the order in which usernames and authorities are returned; confirm -->
  <property name="usernameComparator">
    <bean class="org.pentaho.platform.engine.security.DefaultUsernameComparator" />
  </property>
  <property name="grantedAuthorityComparator">
    <bean class="org.pentaho.platform.engine.security.DefaultGrantedAuthorityComparator" />
  </property>
</bean>

<!--
  Wraps ldapUserRoleListService in a UserDetailsRoleListService under the id
  pentahoUserRoleListService; presumably the id the rest of the platform
  looks up (confirm).
-->
<bean id="pentahoUserRoleListService"
  class="org.pentaho.platform.engine.security.userrole.UserDetailsRoleListService">
  <property name="userRoleListService">
    <ref local="ldapUserRoleListService" />
  </property>
</bean>
Include Page
ServerDoc2x:Search Scope IncludeServerDoc2x:
Search Scope Include