import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
-import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
/**
- * Maps groups defined in LDAP to roles for a specific user.
+ * The class maps LDAP groups defined in the LDAP service to the ProteoCache
+ * roles for a specific user. The class implements the standard Spring Security
+ * GrantedAuthoritiesMapper interface and should replace the standard
+ * Authorities Mapper in security configuration XML file.
+ *
+ * @version 1.0 January 2014
+ *
+ * @author Alexaner Sherstnev
+ *
*/
@Resource
public class LDAPAuthorityMapper implements GrantedAuthoritiesMapper {
public LDAPAuthorityMapper() {
}
-/*
- public Collection<? extends GrantedAuthority> mapAuthorities(final Collection<? extends GrantedAuthority> authorities) {
- Set<PCacheLDAPAuthority> roles = EnumSet.noneOf(PCacheLDAPAuthority.class);
- roles.add(PCacheLDAPAuthority.ROLE_LDAP_USER);
- logger.info("LDAPAuthorityMapper: set new role ROLE_LDAP_USER");
- *
- * for (GrantedAuthority authority : authorities) { if
- * (ROLE_CUSTOMER_SERVICE_OFFICER.equals(authority.getAuthority())) {
- * roles.add(PCacheLDAPAuthority.ROLE_USER); } else if
- * (ROLE_ADMIN.equals(authority.getAuthority())) {
- * roles.add(PCacheLDAPAuthority.ROLE_ADMIN); } }
- *
- return roles;
- }*/
-
-
+ /**
+ * the real mapping method. Currently, all users who are able to
+ * authenticate are assigned with the same ROLE_LDAP_USER.
+ *
+ * @param authorities a set of original granted authorities assigned by ldapAuthProvider
+ * @return a new set of granted authorities greated in the method
+ */
public Collection<? extends GrantedAuthority> mapAuthorities(final Collection<? extends GrantedAuthority> authorities) {
SimpleGrantedAuthority sa = new SimpleGrantedAuthority("ROLE_LDAP_USER");
Set<GrantedAuthority> roles = new HashSet<GrantedAuthority>();
roles.add(sa);
logger.info("LDAPAuthorityMapper: set new role ROLE_LDAP_USER");
-
return roles;
}
}
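Review bot: `mapAuthorities` never reads its `authorities` argument, so every account that can authenticate against the directory receives `ROLE_LDAP_USER`, and any group-derived authority supplied by the LDAP provider is silently dropped. The new Javadoc says this is the current intent, but it leaves the real access boundary with whatever user search base and filter the security configuration defines (not visible in this diff), not with this mapper. I would say so in the method Javadoc, for example `Incoming LDAP group authorities are intentionally discarded; who may log in is restricted only by the LDAP user search configuration.` The `logger.info` line also records no principal and fires on every mapping, so it gives little audit value; consider logging it at debug level, or including the incoming authorities. Minor: the `@return` text has a typo, "greated" for "created".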