Here’s how you can use Spring Security LDAP just for password authentication, but use your own database for assigning roles / authorities.
First, in your context XML, define an LDAP server context bean as usual:
Then define the LdapAuthenticationProvider bean:
Note that at the bottom we set the authoritiesPopulator to the myLDAPAuthPopulator bean, which we’ll define next. This is where you can look up your database, using JDBC or another method, to populate the roles for an authenticated username:
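```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
import org.springframework.stereotype.Component;

// Bean id referenced by the provider definition (any Spring stereotype annotation works here)
@Component("myLDAPAuthPopulator")
public class MyLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    // Application DAO backed by your own database
    @Autowired
    private UserDAO userDAO;

    @Override
    public Collection<? extends GrantedAuthority> getGrantedAuthorities(
            DirContextOperations userData, String username) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        // Called only after LDAP authentication succeeded; roles come from the local database
        User user = userDAO.findByUsername(username);
        if (user == null) {
            // Valid LDAP account with no local record: grant no roles
            return authorities;
        }
        for (String role : user.getRoles()) {
            authorities.add(new SimpleGrantedAuthority(role));
        }
        return authorities;
    }
}
```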
And finally register this authentication provider in the authentication manager:
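The three XML steps described above, wired together as an added example (this is not the original post's configuration). The server URL, base DN, DN pattern, scanned package and every bean id except myLDAPAuthPopulator are assumed placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: URL, base DN, DN pattern, package and bean ids are assumed placeholders -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- Picks up the annotated authorities populator; the package name is a placeholder -->
  <context:component-scan base-package="com.example.security"/>

  <!-- 1. LDAP server context. ldaps:// keeps the bind password from crossing the network in clear text -->
  <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldaps://ldap.example.com:636/dc=example,dc=com"/>
  </bean>

  <!-- 2. Provider: an LDAP bind checks the password, the custom populator supplies the roles -->
  <bean id="ldapAuthProvider"
        class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
      <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
        <constructor-arg ref="contextSource"/>
        <property name="userDnPatterns">
          <list>
            <value>uid={0},ou=people</value>
          </list>
        </property>
      </bean>
    </constructor-arg>
    <!-- Replaces the default LDAP-group lookup with the database-backed populator -->
    <constructor-arg ref="myLDAPAuthPopulator"/>
  </bean>

  <!-- 3. Register the provider with the authentication manager -->
  <security:authentication-manager>
    <security:authentication-provider ref="ldapAuthProvider"/>
  </security:authentication-manager>
</beans>
```

With this wiring LDAP group membership is never consulted, so the database is the sole source of authorization decisions.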