diff --git a/core/src/main/java/org/acegisecurity/ldap/DefaultInitialDirContextFactory.java b/core/src/main/java/org/acegisecurity/ldap/DefaultInitialDirContextFactory.java index 430a845058..7ef5eafd76 100644 --- a/core/src/main/java/org/acegisecurity/ldap/DefaultInitialDirContextFactory.java +++ b/core/src/main/java/org/acegisecurity/ldap/DefaultInitialDirContextFactory.java @@ -106,11 +106,33 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory //~ Constructors =================================================================================================== - public DefaultInitialDirContextFactory(String providerUrl) { - this.providerUrl = providerUrl; + /** + * Create an uninitialized object. You must call {@link #setProviderUrl(String)} after instantiation. + */ + public DefaultInitialDirContextFactory() { + } + /** + * Create and initialize an instance to the LDAP url provided + * + * @param providerUrl a String of the form ldap://localhost:389/base_dn + */ + public DefaultInitialDirContextFactory(String providerUrl) { + this.setProviderUrl(providerUrl); + } + + //~ Methods ======================================================================================================== + + /** + * Set the LDAP url + * + * @param providerUrl a String of the form ldap://localhost:389/base_dn + */ + public void setProviderUrl(String providerUrl) { Assert.hasLength(providerUrl, "An LDAP connection URL must be supplied."); + this.providerUrl = providerUrl; + StringTokenizer st = new StringTokenizer(providerUrl); // Work out rootDn from the first URL and check that the other URLs (if any) match 
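Review bot: `setProviderUrl` assigns `this.providerUrl` straight after `Assert.hasLength`, before the tokenizer loop that derives the root DN and checks that the other URLs match, so a call that fails that check leaves the factory holding the rejected URL. That was harmless while the logic lived in the constructor, because a failed assertion meant no object was created. As a public setter on a live factory it can leave the URL and the derived root DN out of step. Moving `this.providerUrl = providerUrl;` to the end of the method, after validation, avoids this. The loop is outside the hunk, so confirm there how a second call with a different base DN is handled against the root DN left by the first.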
@@ -131,7 +153,14 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory //Assert.isTrue(uri.getScheme().equals("ldap"), "Ldap URL must start with 'ldap://'"); } - //~ Methods ======================================================================================================== + /** + * Get the LDAP url + * + * @return the url + */ + public String getProviderUrl() { + return providerUrl; + } private InitialDirContext connect(Hashtable env) { if (logger.isDebugEnabled()) { @@ -169,7 +198,7 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory env.put(Context.SECURITY_AUTHENTICATION, authenticationType); env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory); - env.put(Context.PROVIDER_URL, providerUrl); + env.put(Context.PROVIDER_URL, getProviderUrl()); if (useConnectionPool) { env.put(CONNECTION_POOL_KEY, "true"); diff --git a/core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java b/core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java index 4015a6858a..b01e05a502 100644 --- a/core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java +++ b/core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java 
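Review bot: With the new no-argument constructor `getProviderUrl()` can return null when `env.put(Context.PROVIDER_URL, getProviderUrl())` runs in the last hunk of `DefaultInitialDirContextFactory.java`. If `env` is a `Hashtable`, as the `connect(Hashtable env)` signature suggests, that put fails with a bare NullPointerException rather than a configuration error. A guard where the environment is built, such as `Assert.hasLength(providerUrl, "An LDAP connection URL must be supplied.");`, would name the missing property. The enclosing method starts and ends outside the hunk.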
@@ -123,16 +123,44 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio //~ Constructors =================================================================================================== - public LdapAuthenticationProvider(LdapAuthenticator authenticator, LdapAuthoritiesPopulator authoritiesPopulator) { - Assert.notNull(authenticator, "An LdapAuthenticator must be supplied"); - Assert.notNull(authoritiesPopulator, "An LdapAuthoritiesPopulator must be supplied"); + /** + * Create an uninitialized instance. You must call {@link #setAuthenticator(LdapAuthenticator)} and + * {@link #setAuthoritiesPopulator(LdapAuthoritiesPopulator)} before using. + */ + public LdapAuthenticationProvider() { + } - this.authenticator = authenticator; - this.authoritiesPopulator = authoritiesPopulator; + /** + * Create an initialized instance to the values passed as arguments + * + * @param authenticator + * @param authoritiesPopulator + */ + public LdapAuthenticationProvider(LdapAuthenticator authenticator, LdapAuthoritiesPopulator authoritiesPopulator) { + this.setAuthenticator(authenticator); + this.setAuthoritiesPopulator(authoritiesPopulator); } //~ Methods ======================================================================================================== + public void setAuthenticator(LdapAuthenticator authenticator) { + Assert.notNull(authenticator, "An LdapAuthenticator must be supplied"); + this.authenticator = authenticator; + } + + public LdapAuthenticator getAuthenticator() { + return authenticator; + } + + public void setAuthoritiesPopulator(LdapAuthoritiesPopulator authoritiesPopulator) { + Assert.notNull(authoritiesPopulator, "An LdapAuthoritiesPopulator must be supplied"); + this.authoritiesPopulator = authoritiesPopulator; + } + + public LdapAuthoritiesPopulator getAuthoritiesPopulator() { + return authoritiesPopulator; + } + protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken 
authentication) throws AuthenticationException { @@ -161,7 +189,7 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio user.setUsername(username); user.setPassword(password); - GrantedAuthority[] extraAuthorities = authoritiesPopulator.getGrantedAuthorities(ldapUser); + GrantedAuthority[] extraAuthorities = getAuthoritiesPopulator().getGrantedAuthorities(ldapUser); for (int i = 0; i < extraAuthorities.length; i++) { user.addAuthority(extraAuthorities[i]); @@ -171,7 +199,7 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio } protected LdapAuthoritiesPopulator getAuthoritiesPoulator() { - return authoritiesPopulator; + return getAuthoritiesPopulator(); } protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) @@ -195,7 +223,7 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio } try { - LdapUserDetails ldapUser = authenticator.authenticate(username, password); + LdapUserDetails ldapUser = getAuthenticator().authenticate(username, password); return createUserDetails(ldapUser, username, password); diff --git a/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/AbstractLdapAuthenticator.java b/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/AbstractLdapAuthenticator.java index 78d36df997..d5d888f516 100644 --- a/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/AbstractLdapAuthenticator.java +++ b/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/AbstractLdapAuthenticator.java 
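Review bot: Nothing enforces the "must call" contract of the new no-argument `LdapAuthenticationProvider()` constructor, because the `Assert.notNull` checks now run only when the setters are invoked. A provider wired without an authenticator or populator therefore starts cleanly and fails on the first login at `getAuthenticator().authenticate(username, password)` (last hunk of this file) with a NullPointerException inside the `try`. The matching `catch` is outside the hunk, so how that exception reaches the caller should be checked. An initialization-time check repeating both assertions, in the same spirit as `afterPropertiesSet()` in `AbstractLdapAuthenticator`, would turn this into a start-up failure. The misspelled `getAuthoritiesPoulator()` now only delegates and could be marked `@deprecated` in favour of `getAuthoritiesPopulator()`.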
@@ -70,7 +70,36 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In //~ Constructors =================================================================================================== - protected AbstractLdapAuthenticator(InitialDirContextFactory initialDirContextFactory) { + /** + * Create an uninitialized instance. You must call {@link #setInitialDirContextFactory(InitialDirContextFactory)} + * before using it. + */ + public AbstractLdapAuthenticator() { + } + + /** + * Create an initialized instance to the {@link InitialDirContextFactory} provided. + * + * @param initialDirContextFactory + */ + public AbstractLdapAuthenticator(InitialDirContextFactory initialDirContextFactory) { + this.setInitialDirContextFactory(initialDirContextFactory); + } + + // ~ Methods + // ======================================================================================================== + + public void afterPropertiesSet() throws Exception { + Assert.isTrue((userDnFormat != null) || (userSearch != null), + "Either an LdapUserSearch or DN pattern (or both) must be supplied."); + } + + /** + * Set the {@link InitialDirContextFactory} and initialize this instance from its data. + * + * @param initialDirContextFactory + */ + public void setInitialDirContextFactory(InitialDirContextFactory initialDirContextFactory) { Assert.notNull(initialDirContextFactory, "initialDirContextFactory must not be null."); this.initialDirContextFactory = initialDirContextFactory; 
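Review bot: `afterPropertiesSet()` checks only `userDnFormat` and `userSearch`, so an authenticator created through the new no-argument constructor passes initialization with a null `initialDirContextFactory`. Adding `Assert.notNull(initialDirContextFactory, "initialDirContextFactory must not be null.");` there makes the documented "must call" requirement fail at start-up rather than at the first authentication attempt. Both constructors are also widened to `public` on an abstract class, which gains nothing over `protected`. The body of `setInitialDirContextFactory` continues outside the hunk.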
@@ -81,14 +110,7 @@ public abstract class AbstractLdapAuthenticator implements LdapAuthenticator, In } } - //~ Methods ======================================================================================================== - - public void afterPropertiesSet() throws Exception { - Assert.isTrue((userDnFormat != null) || (userSearch != null), - "Either an LdapUserSearch or DN pattern (or both) must be supplied."); - } - - protected InitialDirContextFactory getInitialDirContextFactory() { + public InitialDirContextFactory getInitialDirContextFactory() { return initialDirContextFactory; } diff --git a/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator.java b/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator.java index 54e6e53b38..8f64c6a11f 100644 --- a/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator.java +++ b/core/src/main/java/org/acegisecurity/providers/ldap/authenticator/BindAuthenticator.java @@ -44,6 +44,19 @@ public class BindAuthenticator extends AbstractLdapAuthenticator { //~ Constructors =================================================================================================== + /** + * Create an uninitialized instance. You must call {@link #setInitialDirContextFactory(InitialDirContextFactory)} + * before using it. + */ + public BindAuthenticator() { + super(); + } + + /** + * Create an initialized instance to the {@link InitialDirContextFactory} provided. + * + * @param initialDirContextFactory + */ public BindAuthenticator(InitialDirContextFactory initialDirContextFactory) { super(initialDirContextFactory); } diff --git a/core/src/main/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java b/core/src/main/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java index cadfdc9ac6..badf13314f 100644 
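Review bot: `getInitialDirContextFactory()` in `AbstractLdapAuthenticator` goes from `protected` to `public`, which hands the object used to open directory contexts to any code holding a reference to the authenticator. No caller in this diff needs the wider access, and what the factory itself exposes is not visible here. If the change is only meant to pair the getter with the new public setter, keeping it `protected` preserves the previous exposure. If it must be public, a Javadoc line stating who is expected to call it would help.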
--- a/core/src/main/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java +++ b/core/src/main/java/org/acegisecurity/providers/ldap/populator/DefaultLdapAuthoritiesPopulator.java @@ -112,6 +112,13 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator //~ Constructors =================================================================================================== + /** + * Create an uninitialized instance. You must call {@link #setInitialDirContextFactory(InitialDirContextFactory)} + * and {@link #setGroupSearchBase(String)} before using it. + */ + public DefaultLdapAuthoritiesPopulator() { + } + /** * Constructor for group search scenarios. userRoleAttributes may still be * set as a property. @@ -121,18 +128,8 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator * context factory. */ public DefaultLdapAuthoritiesPopulator(InitialDirContextFactory initialDirContextFactory, String groupSearchBase) { - Assert.notNull(initialDirContextFactory, "InitialDirContextFactory must not be null"); - Assert.notNull(groupSearchBase, "The groupSearchBase (name to search under), must not be null."); - this.initialDirContextFactory = initialDirContextFactory; - this.groupSearchBase = groupSearchBase; - - if (groupSearchBase.length() == 0) { - logger.info("groupSearchBase is empty. Searches will be performed from the root: " - + initialDirContextFactory.getRootDn()); - } - - ldapTemplate = new LdapTemplate(initialDirContextFactory); - ldapTemplate.setSearchControls(searchControls); + this.setInitialDirContextFactory(initialDirContextFactory); + this.setGroupSearchBase(groupSearchBase); } //~ Methods ======================================================================================================== 
@@ -204,16 +201,16 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator public Set getGroupMembershipRoles(String userDn, String username) { Set authorities = new HashSet(); - if (groupSearchBase == null) { + if (getGroupSearchBase() == null) { return authorities; } if (logger.isDebugEnabled()) { logger.debug("Searching for roles for user '" + username + "', DN = " + "'" + userDn + "', with filter " - + groupSearchFilter + " in search base '" + groupSearchBase + "'"); + + groupSearchFilter + " in search base '" + getGroupSearchBase() + "'"); } - Set userRoles = ldapTemplate.searchForSingleAttributeValues(groupSearchBase, groupSearchFilter, + Set userRoles = ldapTemplate.searchForSingleAttributeValues(getGroupSearchBase(), groupSearchFilter, new String[] {userDn, username}, groupRoleAttribute); if (logger.isDebugEnabled()) { 
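Review bot: `if (getGroupSearchBase() == null) { return authorities; }` means that, with the new no-argument constructor, a forgotten `groupSearchBase` property silently gives every user an empty group-role set. The constructor Javadoc, however, says `setGroupSearchBase` must be called. A forgotten `initialDirContextFactory` behaves differently: `ldapTemplate` stays null and the call to `ldapTemplate.searchForSingleAttributeValues(...)` throws. If a null search base is meant to disable group search, say so in the Javadoc; otherwise validate both properties once at initialization so a misconfiguration is reported rather than showing up as missing roles. The method continues outside the hunk.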
@@ -254,6 +251,38 @@ public class DefaultLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator return initialDirContextFactory; } + /** + * Set the {@link InitialDirContextFactory} + * + * @param initialDirContextFactory supplies the contexts used to search for user roles. + */ + public void setInitialDirContextFactory(InitialDirContextFactory initialDirContextFactory) { + Assert.notNull(initialDirContextFactory, "InitialDirContextFactory must not be null"); + this.initialDirContextFactory = initialDirContextFactory; + + ldapTemplate = new LdapTemplate(initialDirContextFactory); + ldapTemplate.setSearchControls(searchControls); + } + + /** + * Set the group search base (name to search under) + * + * @param groupSearchBase if this is an empty string the search will be performed from the root DN of the context + * factory. + */ + public void setGroupSearchBase(String groupSearchBase) { + Assert.notNull(groupSearchBase, "The groupSearchBase (name to search under), must not be null."); + this.groupSearchBase = groupSearchBase; + if (groupSearchBase.length() == 0) { + logger.info("groupSearchBase is empty. Searches will be performed from the root: " + + getInitialDirContextFactory().getRootDn()); + } + } + + protected String getGroupSearchBase() { + return groupSearchBase; + } + public void setConvertToUpperCase(boolean convertToUpperCase) { this.convertToUpperCase = convertToUpperCase; }
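Review bot: `setGroupSearchBase("")` dereferences `getInitialDirContextFactory().getRootDn()` for its log message, so it throws a NullPointerException whenever it runs before `setInitialDirContextFactory`. The order in which a container calls the setters is not something this class controls. Guarding the message, e.g. `if (groupSearchBase.length() == 0 && getInitialDirContextFactory() != null) {`, or moving it to an initialization hook removes the ordering dependency. `getGroupSearchBase()` has no Javadoc; `/** Returns the name under which group searches are performed, or null if none has been set. */` would cover it.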