You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Mar 31, 2022. It is now read-only.
When users are stored in LDAP only (jmix.ldap.user-details-source = ldap) it's impossible to get roles list from LDAP user attributes. Currently this feature is supported only for jmix.ldap.user-details-source = app because it requires to override the getAdditionalRoles() method of AbstractLdapUserDetailsSynchronizationStrategy.
One of the solutions may be to introduce a new interface. The optional bean implementing this interface will return a list of roles or role codes, e.g.
These roles will be used by both user-details-source: app and ldap.
Maybe we may extend the org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator and implement its org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator#getAdditionalRoles method.
Do not forget that we have two types of roles: resource and row-level.
The text was updated successfully, but these errors were encountered:
…ser management #13
- Introduced new interface that responsible for getting authorities for certain user
- Added extension of DefaultLdapAuthoritiesPopulator in order to use implementation of provided interface for getting user autorities
…ser management #13
- added example of usage for io.jmix.ldap.userdetails.LdapUserAdditionalRoleProvider#getAdditionalRoles
- fix javaDocs
- added a possibility to provide additional user roles in case of using active directory configuration
…ser management (#16)
* Obtaining roles from LDAP user attributes should work for in-memory user management #13
- Introduced a new interface that responsible for getting authorities for certain user
- Added extension of DefaultLdapAuthoritiesPopulator in order to use implementation of provided interface for getting user autorities
- Added a possibility to provide additional user roles in case of using active directory configuration
When users are stored in LDAP only (
jmix.ldap.user-details-source = ldap
) it's impossible to get roles list from LDAP user attributes. Currently this feature is supported only forjmix.ldap.user-details-source = app
because it requires to override thegetAdditionalRoles()
method ofAbstractLdapUserDetailsSynchronizationStrategy
.One of the solutions may be to introduce a new interface. The optional bean implementing this interface will return a list of roles or role codes, e.g.
These roles will be used by both
user-details-source
: app and ldap.Maybe we may extend the
org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator
and implement itsorg.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator#getAdditionalRoles
method.Do not forget that we have two types of roles: resource and row-level.
The text was updated successfully, but these errors were encountered: