SEC-595: Introduced loadUserAuthorities method. This can be overridden to allow loading of authorities with the authenticated user's credentials (by setting the security context). The Ldap ContextSource used in the authorities populator would also be configured with a SpringSecurityAuthentcationSource, to make use of the information in the security context.

core/src/main/java/org/springframework/security/providers/ldap/LdapAuthenticationProvider.java

@@ -225,7 +225,7 @@ public class LdapAuthenticationProvider implements AuthenticationProvider {
         try {
             DirContextOperations userData = getAuthenticator().authenticate(authentication);
 
-            GrantedAuthority[] extraAuthorities = getAuthoritiesPopulator().getGrantedAuthorities(userData, username);
+            GrantedAuthority[] extraAuthorities = loadUserAuthorities(userData, username, password);
 
             UserDetails user = userDetailsContextMapper.mapUserFromContext(userData, username, extraAuthorities);
 
@@ -236,6 +236,10 @@ public class LdapAuthenticationProvider implements AuthenticationProvider {
         }
     }
 
+    protected GrantedAuthority[] loadUserAuthorities(DirContextOperations userData, String username, String password) {
+        return getAuthoritiesPopulator().getGrantedAuthorities(userData, username);
+    }
+
     protected Authentication createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication,
             UserDetails user) {
         Object password = useAuthenticationRequestCredentials ? authentication.getCredentials() : user.getPassword();