Class LdaptiveAuthenticationProperties

java.lang.Object
org.bremersee.spring.security.ldaptive.authentication.LdaptiveAuthenticationProperties
All Implemented Interfaces:
Serializable
Direct Known Subclasses:
LdaptiveAuthenticationProperties.WithDefaults

public class LdaptiveAuthenticationProperties extends Object implements Serializable
The ldaptive authentication properties.
Author:
Christian Bremer
  • Field Details

    • usernameToBindDnConverter

      protected UsernameToBindDnConverterProperty usernameToBindDnConverter
      The converter from a username (like 'anna') to a bind DN (like 'cn=anna,ou=people,dc=example,dc=org').
    • userBaseDn

      protected String userBaseDn
      The user base dn (like 'ou=people,dc=example,dc=org'). This value is always required.
    • refusedUsernames

      protected List<String> refusedUsernames
      A list with refused usernames.
    • userObjectClass

      protected String userObjectClass
      The object class of the user (like 'inetOrgPerson'). The selected template contains a default.
    • usernameAttribute

      protected String usernameAttribute
      The username attribute of the user (like 'uid' or 'sAMAccountName'). The selected template contains a default.
    • userRdnAttribute

      protected String userRdnAttribute
      Applies only to simple bind. The RDN attribute of the user. This is normally the same as the username attribute.
    • passwordAttribute

      protected String passwordAttribute
      The password attribute of the user (like 'userPassword'). If it is empty, authentication is done by a simple user bind with the credentials of the user. If it is present, the connection to the LDAP server must be made by a 'global' user, and a password encoder that fits your requirements must be present. The default password encoder only supports SHA, which is insecure.
    • passwordLastSetAttribute

      protected String passwordLastSetAttribute
      The password last set attribute (like 'pwdLastSet') can be used to activate the remember-me functionality.
    • userFindOneFilter

      protected String userFindOneFilter
      The filter to find the user. If it is empty, it will be generated from userObjectClass and usernameAttribute like this: (&(objectClass=inetOrgPerson)(uid={0})).
    • userFindOneSearchScope

      protected org.ldaptive.SearchScope userFindOneSearchScope
      The scope to find a user. Default is 'one level'.
    • firstNameAttribute

      protected String firstNameAttribute
      The first name attribute of the user. Default is 'givenName'.
    • lastNameAttribute

      protected String lastNameAttribute
      The last name attribute of the user. Default is 'sn'.
    • emailAttribute

      protected String emailAttribute
      The email attribute of the user. Default is 'mail'.
    • accountControlEvaluator

      protected AccountControlEvaluatorProperty accountControlEvaluator
      The account control evaluator.
    • groupFetchStrategy

      The group fetch strategy.
    • memberAttribute

      protected String memberAttribute
      The member attribute.
    • groupBaseDn

      protected String groupBaseDn
      The group base dn (like 'ou=groups,dc=example,dc=org'). It is only required if groupFetchStrategy is set to GROUP_CONTAINS_USERS.
    • groupSearchScope

      protected org.ldaptive.SearchScope groupSearchScope
      The group search scope. It is only required if groupFetchStrategy is set to GROUP_CONTAINS_USERS.
    • groupObjectClass

      protected String groupObjectClass
      The group object class. It is only required if groupFetchStrategy is set to GROUP_CONTAINS_USERS.
    • groupIdAttribute

      protected String groupIdAttribute
      The group id attribute. It is only required if groupFetchStrategy is set to GROUP_CONTAINS_USERS.
    • groupMemberAttribute

      protected String groupMemberAttribute
      The group member attribute. It is only required if groupFetchStrategy is set to GROUP_CONTAINS_USERS.
    • groupMemberFormat

      protected String groupMemberFormat
      The group member format. It is only required if groupFetchStrategy is set to GROUP_CONTAINS_USERS.
    • roleMapping

      The role mappings.
    • defaultRoles

      protected List<String> defaultRoles
      The default roles.
    • rolePrefix

      protected String rolePrefix
      The role prefix (like 'ROLE_').
    • roleCaseTransformation

      protected CaseTransformation roleCaseTransformation
      The role case transformation.
    • roleStringReplacements

      protected List<LdaptiveAuthenticationProperties.StringReplacement> roleStringReplacements
      The string replacements for roles.
  • Constructor Details

    • LdaptiveAuthenticationProperties

      public LdaptiveAuthenticationProperties()
  • Method Details

    • toRoleMappings

      public Map<String,String> toRoleMappings()
      Returns the role mappings as a map.
      Returns:
      the map
    • toRoleStringReplacements

      public Map<String,String> toRoleStringReplacements()
      Returns the role string replacements as a map.
      Returns:
      the map
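
The userFindOneFilter description above says the default filter is generated from userObjectClass and usernameAttribute with a {0} placeholder for the username. The following is an added example, not code from this project or from ldaptive: it builds that default template and shows what a correctly escaped username looks like once it replaces {0}. The class and method names (UserFilterExample, defaultFilter, escapeValue, resolve) are hypothetical, and the sample usernames are constructed.

```java
import java.nio.charset.StandardCharsets;

public class UserFilterExample {

  // Default template as described for an empty userFindOneFilter:
  // (&(objectClass=<userObjectClass>)(<usernameAttribute>={0}))
  static String defaultFilter(String userObjectClass, String usernameAttribute) {
    return "(&(objectClass=" + userObjectClass + ")(" + usernameAttribute + "={0}))";
  }

  // RFC 4515 requires NUL, '(', ')', '*' and '\' in an assertion value to be
  // written as a backslash plus two hex digits. Non-ASCII bytes are also
  // hex-escaped here, which the RFC permits.
  static String escapeValue(String value) {
    StringBuilder sb = new StringBuilder();
    for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
      int c = b & 0xff;
      if (c == 0 || c == '(' || c == ')' || c == '*' || c == '\\' || c > 0x7f) {
        sb.append('\\').append(String.format("%02x", c));
      } else {
        sb.append((char) c);
      }
    }
    return sb.toString();
  }

  // Fills the {0} placeholder with the escaped username, so the value can
  // never change the structure of the filter.
  static String resolve(String filterTemplate, String username) {
    return filterTemplate.replace("{0}", escapeValue(username));
  }

  public static void main(String[] args) {
    String template = defaultFilter("inetOrgPerson", "uid");
    System.out.println(template);
    // Constructed sample usernames, some containing filter metacharacters.
    for (String name : new String[] {"anna", "a*", "smith (ext)", "jörg"}) {
      System.out.println(name + " -> " + resolve(template, name));
    }
  }
}
```

When a custom userFindOneFilter is configured, keeping the {0} placeholder and leaving substitution to the library avoids assembling filters from raw user input.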