LdapAuthoritiesPopulator should be postProcessed

To enable customizations through withObjectPostProcessor

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java

@@ -141,7 +141,7 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		defaultAuthoritiesPopulator.setGroupSearchFilter(this.groupSearchFilter);
 		defaultAuthoritiesPopulator.setSearchSubtree(this.groupSearchSubtree);
 		defaultAuthoritiesPopulator.setRolePrefix(this.rolePrefix);
-		this.ldapAuthoritiesPopulator = defaultAuthoritiesPopulator;
+		this.ldapAuthoritiesPopulator = postProcess(defaultAuthoritiesPopulator);
 		return defaultAuthoritiesPopulator;
 	}
 

config/src/test/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurerTests.java

@@ -19,11 +19,23 @@ package org.springframework.security.config.annotation.authentication.configurer
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
 import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
+import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
+import org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator;
+import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
+import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
+import org.springframework.test.util.ReflectionTestUtils;
+
+import java.util.Collection;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.test.util.ReflectionTestUtils.getField;
+import static org.springframework.test.util.ReflectionTestUtils.invokeMethod;
 
 public class LdapAuthenticationProviderConfigurerTests {
 
@@ -42,4 +54,41 @@ public class LdapAuthenticationProviderConfigurerTests {
 		assertThat(this.configurer.getAuthoritiesMapper()).isInstanceOf(NullAuthoritiesMapper.class);
 	}
 
+	@Test
+	public void customAuthoritiesPopulator() throws Exception {
+		assertThat(getField(this.configurer, "ldapAuthoritiesPopulator")).isNull();
+		this.configurer.ldapAuthoritiesPopulator(new NullLdapAuthoritiesPopulator());
+		assertThat(getField(this.configurer, "ldapAuthoritiesPopulator")).isInstanceOf(NullLdapAuthoritiesPopulator.class);
+	}
+
+	@Test
+	public void authoritiesPopulatorIsPostProcessed() throws Exception {
+		assertThat(getField(this.configurer, "ldapAuthoritiesPopulator")).isNull();
+		this.configurer.contextSource(new DefaultSpringSecurityContextSource("ldap://localhost:389"));
+		this.configurer.addObjectPostProcessor(
+				new ObjectPostProcessor<LdapAuthoritiesPopulator>() {
+					@Override
+					public <O extends LdapAuthoritiesPopulator> O postProcess(O object) {
+						if (object instanceof DefaultLdapAuthoritiesPopulator) {
+							return (O)new TestPostProcessLdapAuthoritiesPopulator();
+						}
+						else {
+							return object;
+						}
+					}
+				}
+		);
+		invokeMethod(this.configurer, "getLdapAuthoritiesPopulator");
+		assertThat(getField(this.configurer, "ldapAuthoritiesPopulator"))
+				.isInstanceOf(TestPostProcessLdapAuthoritiesPopulator.class);
+	}
+
+	private static class TestPostProcessLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator {
+		@Override
+		public Collection<? extends GrantedAuthority> getGrantedAuthorities(
+				DirContextOperations userData, String username) {
+			return null;
+		}
+	}
+
 }