This repository has been archived by the owner on Mar 31, 2022. It is now read-only.

Obtaining roles from LDAP user attributes should work for in-memory user management #13

Closed
gorbunkov opened this issue Dec 14, 2021 · 0 comments
@gorbunkov

When users are stored in LDAP only (jmix.ldap.user-details-source = ldap), it's impossible to get the list of roles from LDAP user attributes. Currently this feature is supported only for jmix.ldap.user-details-source = app because it requires overriding the getAdditionalRoles() method of AbstractLdapUserDetailsSynchronizationStrategy.

One of the solutions may be to introduce a new interface. The optional bean implementing this interface will return a list of roles or role codes, e.g.

Set<String> getAdditionalRoleCodes(DirContextOperations user, String username)

These roles will be used by both user-details-source: app and ldap.

Maybe we may extend the org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator and implement its org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator#getAdditionalRoles method.

Do not forget that we have two types of roles: resource and row-level.
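
A sketch of the approach proposed above, added here as an illustration; it is not code from this repository or its commits. It extends Spring Security's DefaultLdapAuthoritiesPopulator and maps one user attribute to role codes through an allow-list, so an arbitrary directory value can never become an authority. The class name, the attribute name, the role codes and the "ROLE_" prefix are assumptions, and the example does not distinguish resource from row-level roles.

```java
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

// Added example (hypothetical class): LDAP attribute values -> role codes via an allow-list.
public class AttributeRolesPopulator extends DefaultLdapAuthoritiesPopulator {
    // Assumption: the directory keeps role hints in this user attribute.
    private static final String ROLE_ATTRIBUTE = "employeeType";
    // Constructed mapping (Java 9+ Map.of): only listed values ever become roles.
    private static final Map<String, String> ALLOWED = Map.of(
            "manager", "order-management",
            "auditor", "read-only-audit");

    public AttributeRolesPopulator(ContextSource contextSource, String groupSearchBase) {
        super(contextSource, groupSearchBase);
    }

    // Same shape as the signature proposed in the issue text.
    public Set<String> getAdditionalRoleCodes(DirContextOperations user, String username) {
        Set<String> codes = new LinkedHashSet<>();
        String[] values = user.getStringAttributes(ROLE_ATTRIBUTE);
        if (values == null) return codes; // attribute absent: no additional roles
        for (String value : values) {
            String code = ALLOWED.get(value.trim().toLowerCase(Locale.ROOT));
            if (code != null) { // unknown values are dropped, never passed through
                codes.add(code);
            }
        }
        return codes;
    }

    // Spring Security hook named in the issue; "ROLE_" is Spring's conventional prefix.
    @Override
    protected Set<GrantedAuthority> getAdditionalRoles(DirContextOperations user, String username) {
        Set<GrantedAuthority> authorities = new LinkedHashSet<>();
        for (String code : getAdditionalRoleCodes(user, username)) {
            authorities.add(new SimpleGrantedAuthority("ROLE_" + code));
        }
        return authorities;
    }
}
```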

@gorbunkov gorbunkov added this to the 1.2.0 milestone Jan 31, 2022
@artemy63 artemy63 self-assigned this Feb 18, 2022
artemy63 pushed a commit that referenced this issue Feb 20, 2022
…ser management #13

- Introduced a new interface that is responsible for getting authorities for a certain user
- Added extension of DefaultLdapAuthoritiesPopulator in order to use implementation of provided interface for getting user authorities
artemy63 pushed a commit that referenced this issue Feb 21, 2022
…ser management #13

- added example of usage for io.jmix.ldap.userdetails.LdapUserAdditionalRoleProvider#getAdditionalRoles
- fix javaDocs
- added a possibility to provide additional user roles in case of using active directory configuration
artemy63 pushed a commit that referenced this issue Feb 22, 2022
…ser management (#16)

* Obtaining roles from LDAP user attributes should work for in-memory user management #13

- Introduced a new interface that is responsible for getting authorities for a certain user
- Added extension of DefaultLdapAuthoritiesPopulator in order to use implementation of provided interface for getting user authorities
- Added a possibility to provide additional user roles in case of using active directory configuration