SEC-251: Document use of {1} parameter in javadoc for DefaultLdapAuthoritiesPopulator.
This commit is contained in:
parent
fd0d4cd8b0
commit
3fbc7beb88
|
@ -40,8 +40,9 @@ import javax.naming.directory.SearchControls;
|
|||
|
||||
/**
|
||||
* The default strategy for obtaining user role information from the directory.
|
||||
* <p>It obtains roles by performing a search for "groups" the user is a member of.
|
||||
* </p>
|
||||
*
|
||||
* <p>It obtains roles by performing a search for "groups" the user is a member of.</p>
|
||||
*
|
||||
* <p>A typical group search scenario would be where each group/role is specified using the <tt>groupOfNames</tt>
|
||||
* (or <tt>groupOfUniqueNames</tt>) LDAP objectClass and the user's DN is listed in the <tt>member</tt> (or
|
||||
* <tt>uniqueMember</tt>) attribute to indicate that they should be assigned that role. The following LDIF sample has
|
||||
|
@ -57,8 +58,10 @@ import javax.naming.directory.SearchControls;
|
|||
* <p>The group search is performed within a DN specified by the <tt>groupSearchBase</tt> property, which should
|
||||
* be relative to the root DN of its <tt>InitialDirContextFactory</tt>. If the search base is null, group searching is
|
||||
* disabled. The filter used in the search is defined by the <tt>groupSearchFilter</tt> property, with the filter
|
||||
* argument {0} being the full DN of the user. You can also specify which attribute defines the role name by setting
|
||||
* argument {0} being the full DN of the user. You can also optionally use the parameter {1}, which will be substituted
|
||||
* with the username. You can also specify which attribute defines the role name by setting
|
||||
* the <tt>groupRoleAttribute</tt> property (the default is "cn").</p>
|
||||
*
|
||||
* <p>The configuration below shows how the group search might be performed with the above schema.
|
||||
* <pre>
|
||||
* <bean id="ldapAuthoritiesPopulator"
|
||||
|
|
Loading…
Reference in New Issue