Sie sollten sich den UserDetailsContextMapper ansehen. Es gibt bereits implementierende Klassen, die automatisch einige Attribute eines LDAP-Objekts zuordnen, wie InetOrgPersonContextMapper oder PersonContextMapper. Wenn es ein spezielles Attribut gibt, müssen Sie Ihre eigene Implementierung registrieren; z. B. haben wir Berichtslinien in AD in den Attributen manager und directReports gespeichert, die ich manuell zuordnen musste.
public class CustomUserDetailsContextMapper extends LdapUserDetailsMapper implements UserDetailsContextMapper {

    /** Injected collaborator; not referenced by either mapping method in this class. */
    @Autowired
    private LdapUserService ldapUserService;

    /**
     * Builds the application {@link User} principal from the authenticated user's LDAP entry.
     *
     * <p>The inherited mapper supplies the base details (account flags and authorities);
     * the {@code manager} and {@code directReports} attributes are then read from the
     * entry and carried over into the custom principal. The password slot is filled
     * with an empty string, so the directory credential is not kept on the principal.
     *
     * @param ops         the LDAP entry of the authenticated user
     * @param username    the login name
     * @param authorities authorities granted to the user
     * @return the populated custom {@link User}
     */
    @Override
    public UserDetails mapUserFromContext(DirContextOperations ops, String username,
            Collection<? extends GrantedAuthority> authorities) {
        UserDetails base = super.mapUserFromContext(ops, username, authorities);

        // Reporting-line attributes exactly as stored in the directory (presumably DNs,
        // null when the attribute is absent — verify against the directory schema).
        String managerDn = ops.getStringAttribute("manager");
        String[] reportDns = ops.getStringAttributes("directReports");

        return new User(
                username,
                "",
                base.isEnabled(),
                base.isAccountNonExpired(),
                base.isCredentialsNonExpired(),
                base.isAccountNonLocked(),
                base.getAuthorities(),
                managerDn,
                reportDns);
    }

    /** Delegates unchanged to the inherited implementation. */
    @Override
    public void mapUserToContext(UserDetails user, DirContextAdapter dir) {
        super.mapUserToContext(user, dir);
    }
}
Und natürlich müssen Sie auch Ihre UserDetails anpassen:
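public class User extends org.springframework.security.core.userdetails.User {

    /** DN of the user's manager as stored in the directory; null when not mapped. */
    private final String manager;
    /** DNs of the users reporting to this one; null when not mapped. Never exposed directly. */
    private final String[] directReports;

    /**
     * Creates a user without reporting-line data; {@link #getManager()} and
     * {@link #getDirectReports()} then return {@code null}.
     *
     * @param username             the login name
     * @param password             the password handed to the Spring Security base class
     * @param enabled              whether the account is enabled
     * @param accountNonExpired    whether the account is still valid
     * @param credentialsNonExpired whether the credentials are still valid
     * @param accountNonLocked     whether the account is not locked
     * @param authorities          authorities granted to the user
     */
    public User(String username, String password, boolean enabled, boolean accountNonExpired,
            boolean credentialsNonExpired, boolean accountNonLocked,
            Collection<? extends GrantedAuthority> authorities) {
        this(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked,
                authorities, null, null);
    }

    /**
     * Creates a user carrying the reporting line read from the directory.
     *
     * @param manager       DN of the manager, or {@code null}
     * @param directReports DNs of the direct reports, or {@code null}; the array is copied
     */
    public User(String username, String password, boolean enabled, boolean accountNonExpired,
            boolean credentialsNonExpired, boolean accountNonLocked,
            Collection<? extends GrantedAuthority> authorities, String manager, String[] directReports) {
        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
        this.manager = manager;
        // Defensive copy: the caller keeps its own reference to the array, so without a copy
        // the reporting line held by the authenticated principal could be rewritten later.
        this.directReports = directReports == null ? null : directReports.clone();
    }

    /**
     * @return DN of the manager, or {@code null} when none was mapped
     */
    public String getManager() {
        return manager;
    }

    /**
     * @return a fresh copy of the direct-report DNs, or {@code null} when none were mapped
     */
    public String[] getDirectReports() {
        // Copy on the way out as well; handing out the internal array would let any caller
        // mutate state that is part of the security principal.
        return directReports == null ? null : directReports.clone();
    }
}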
Ich hoffe, das hilft.