Project: Acegi

Revision: 3263

Author: luke_t

Date: 26 Aug 2008 09:51:01

• /spring-security/trunk/core/src/main/resources/org/springframework/security/config/spring-security-2.0.4.rnc

  ......	@@ -89,7 +89,7 @@
  89	89	## Group search filter. Defaults to (uniqueMember={0}). The substituted parameter is the DN of the user.
  90	90	attribute group-search-filter {xsd:string}
  91	91	group-search-base-attribute =
  92		## Search base for group membership searches. Defaults to "ou=groups".
  	92	## Search base for group membership searches. Defaults to "" (searching from the root).
  93	93	attribute group-search-base {xsd:string}
  94	94	user-search-filter-attribute =
  95	95	## The LDAP filter used to search for users (optional). For example "(uid={0})". The substituted parameter is the user's login name.

• /spring-security/trunk/core/src/main/resources/org/springframework/security/config/spring-security-2.0.xsd

  ......	@@ -222,7 +222,7 @@
  222	222	<xs:attribute name="group-search-base" use="required" type="xs:string">
  223	223	<xs:annotation>
  224	224	<xs:documentation>Search base for group membership searches. Defaults to
  225		"ou=groups".</xs:documentation>
  	225	"" (searching from the root).</xs:documentation>
  226	226	</xs:annotation>
  227	227	</xs:attribute>
  228	228	</xs:attributeGroup>

• /spring-security/trunk/core/src/main/java/org/springframework/security/config/LdapUserServiceBeanDefinitionParser.java

  ......	@@ -14,22 +14,22 @@
  14	14	* @since 2.0
  15	15	*/
  16	16	public class LdapUserServiceBeanDefinitionParser extends AbstractUserDetailsServiceBeanDefinitionParser {
  17		public static final String ATT_SERVER = "server-ref";
  	17	public static final String ATT_SERVER = "server-ref";
  18	18	public static final String ATT_USER_SEARCH_FILTER = "user-search-filter";
  19	19	public static final String ATT_USER_SEARCH_BASE = "user-search-base";
  20	20	public static final String DEF_USER_SEARCH_BASE = "";
  21	21
  22	22	public static final String ATT_GROUP_SEARCH_FILTER = "group-search-filter";
  23	23	public static final String ATT_GROUP_SEARCH_BASE = "group-search-base";
  24		public static final String ATT_GROUP_ROLE_ATTRIBUTE = "group-role-attribute";
  	24	public static final String ATT_GROUP_ROLE_ATTRIBUTE = "group-role-attribute";
  25	25	public static final String DEF_GROUP_SEARCH_FILTER = "(uniqueMember={0})";
  26		public static final String DEF_GROUP_SEARCH_BASE = "ou=groups";
  27
  	26	public static final String DEF_GROUP_SEARCH_BASE = "";
  	27
  28	28	static final String ATT_ROLE_PREFIX = "role-prefix";
  29	29	static final String ATT_USER_CLASS = "user-details-class";
  30	30	static final String OPT_PERSON = "person";
  31	31	static final String OPT_INETORGPERSON = "inetOrgPerson";
  32
  	32
  33	33	public static final String LDAP_SEARCH_CLASS = "org.springframework.security.ldap.search.FilterBasedLdapUserSearch";
  34	34	public static final String PERSON_MAPPER_CLASS = "org.springframework.security.userdetails.ldap.PersonContextMapper";
  35	35	public static final String INET_ORG_PERSON_MAPPER_CLASS = "org.springframework.security.userdetails.ldap.InetOrgPersonContextMapper";
  ......	@@ -45,42 +45,42 @@
  45	45	if (!StringUtils.hasText(elt.getAttribute(ATT_USER_SEARCH_FILTER))) {
  46	46	parserContext.getReaderContext().error("User search filter must be supplied", elt);
  47	47	}
  48
  	48
  49	49	builder.addConstructorArg(parseSearchBean(elt, parserContext));
  50	50	builder.addConstructorArg(parseAuthoritiesPopulator(elt, parserContext));
  51	51	builder.addPropertyValue("userDetailsMapper", parseUserDetailsClass(elt, parserContext));
  52	52	}
  53
  	53
  54	54	static RootBeanDefinition parseSearchBean(Element elt, ParserContext parserContext) {
  55	55	String userSearchFilter = elt.getAttribute(ATT_USER_SEARCH_FILTER);
  56	56	String userSearchBase = elt.getAttribute(ATT_USER_SEARCH_BASE);
  57	57	Object source = parserContext.extractSource(elt);
  58
  	58
  59	59	if (StringUtils.hasText(userSearchBase)) {
  60	60	if(!StringUtils.hasText(userSearchFilter)) {
  61	61	parserContext.getReaderContext().error(ATT_USER_SEARCH_BASE + " cannot be used without a " + ATT_USER_SEARCH_FILTER, source);
  62	62	}
  63	63	} else {
  64	64	userSearchBase = DEF_USER_SEARCH_BASE;
  65		}
  66
  	65	}
  	66
  67	67	if (!StringUtils.hasText(userSearchFilter)) {
  68	68	return null;
  69	69	}
  70
  	70
  71	71	BeanDefinitionBuilder searchBuilder = BeanDefinitionBuilder.rootBeanDefinition(LDAP_SEARCH_CLASS);
  72	72	searchBuilder.setSource(source);
  73	73	searchBuilder.addConstructorArg(userSearchBase);
  74	74	searchBuilder.addConstructorArg(userSearchFilter);
  75	75	searchBuilder.addConstructorArg(parseServerReference(elt, parserContext));
  76
  	76
  77	77	return (RootBeanDefinition) searchBuilder.getBeanDefinition();
  78	78	}
  79
  	79
  80	80	static RuntimeBeanReference parseServerReference(Element elt, ParserContext parserContext) {
  81	81	String server = elt.getAttribute(ATT_SERVER);
  82	82	boolean requiresDefaultName = false;
  83
  	83
  84	84	if (!StringUtils.hasText(server)) {
  85	85	server = BeanIds.CONTEXT_SOURCE;
  86	86	requiresDefaultName = true;
  ......	@@ -89,27 +89,27 @@
  89	89	RuntimeBeanReference contextSource = new RuntimeBeanReference(server);
  90	90	contextSource.setSource(parserContext.extractSource(elt));
  91	91	LdapConfigUtils.registerPostProcessorIfNecessary(parserContext.getRegistry(), requiresDefaultName);
  92
  	92
  93	93	return contextSource;
  94	94	}
  95
  	95
  96	96	static RootBeanDefinition parseUserDetailsClass(Element elt, ParserContext parserContext) {
  97		String userDetailsClass = elt.getAttribute(ATT_USER_CLASS);
  98
  99		if (OPT_PERSON.equals(userDetailsClass)) {
  100		return new RootBeanDefinition(PERSON_MAPPER_CLASS, null, null);
  101		} else if (OPT_INETORGPERSON.equals(userDetailsClass)) {
  102		return new RootBeanDefinition(INET_ORG_PERSON_MAPPER_CLASS, null, null);
  103		}
  104		return new RootBeanDefinition(LDAP_USER_MAPPER_CLASS, null, null);
  	97	String userDetailsClass = elt.getAttribute(ATT_USER_CLASS);
  	98
  	99	if (OPT_PERSON.equals(userDetailsClass)) {
  	100	return new RootBeanDefinition(PERSON_MAPPER_CLASS, null, null);
  	101	} else if (OPT_INETORGPERSON.equals(userDetailsClass)) {
  	102	return new RootBeanDefinition(INET_ORG_PERSON_MAPPER_CLASS, null, null);
  	103	}
  	104	return new RootBeanDefinition(LDAP_USER_MAPPER_CLASS, null, null);
  105	105	}
  106
  	106
  107	107	static RootBeanDefinition parseAuthoritiesPopulator(Element elt, ParserContext parserContext) {
  108	108	String groupSearchFilter = elt.getAttribute(ATT_GROUP_SEARCH_FILTER);
  109	109	String groupSearchBase = elt.getAttribute(ATT_GROUP_SEARCH_BASE);
  110	110	String groupRoleAttribute = elt.getAttribute(ATT_GROUP_ROLE_ATTRIBUTE);
  111	111	String rolePrefix = elt.getAttribute(ATT_ROLE_PREFIX);
  112
  	112
  113	113	if (!StringUtils.hasText(groupSearchFilter)) {
  114	114	groupSearchFilter = DEF_GROUP_SEARCH_FILTER;
  115	115	}
  ......	@@ -117,25 +117,25 @@
  117	117	if (!StringUtils.hasText(groupSearchBase)) {
  118	118	groupSearchBase = DEF_GROUP_SEARCH_BASE;
  119	119	}
  120
  	120
  121	121	BeanDefinitionBuilder populator = BeanDefinitionBuilder.rootBeanDefinition(LDAP_AUTHORITIES_POPULATOR_CLASS);
  122	122	populator.setSource(parserContext.extractSource(elt));
  123	123	populator.addConstructorArg(parseServerReference(elt, parserContext));
  124	124	populator.addConstructorArg(groupSearchBase);
  125	125	populator.addPropertyValue("groupSearchFilter", groupSearchFilter);
  126	126	populator.addPropertyValue("searchSubtree", Boolean.TRUE);
  127
  	127
  128	128	if (StringUtils.hasText(rolePrefix)) {
  129	129	if ("none".equals(rolePrefix)) {
  130	130	rolePrefix = "";
  131	131	}
  132	132	populator.addPropertyValue("rolePrefix", rolePrefix);
  133	133	}
  134
  	134
  135	135	if (StringUtils.hasLength(groupRoleAttribute)) {
  136	136	populator.addPropertyValue("groupRoleAttribute", groupRoleAttribute);
  137	137	}
  138
  	138
  139	139	return (RootBeanDefinition) populator.getBeanDefinition();
  140	140	}
  141	141	}