use of org.springframework.ldap.core.AttributesMapper in project metron by apache.
the class KnoxSSOAuthenticationFilter method getAuthentication.
/**
* Builds the Spring Authentication object using the supplied user name and groups looked up from LDAP. Groups are currently
* mapped directly to Spring roles by converting to upper case and prepending the name with "ROLE_".
* @param userName The username to build the Authentication object with.
* @param httpRequest HttpServletRequest
* @return Authentication object for the given user.
*/
protected Authentication getAuthentication(String userName, HttpServletRequest httpRequest) {
String ldapName = LdapNameBuilder.newInstance().add(userSearchBase).add("uid", userName).build().toString();
// Search ldap for a user's groups and convert to a Spring role
List<GrantedAuthority> grantedAuths = ldapTemplate.search(query().where("objectclass").is("groupOfNames").and("member").is(ldapName), (AttributesMapper<String>) attrs -> (String) attrs.get("cn").get()).stream().map(group -> String.format("%s%s", SECURITY_ROLE_PREFIX, group.toUpperCase())).map(SimpleGrantedAuthority::new).collect(Collectors.toList());
final UserDetails principal = new User(userName, "", grantedAuths);
final UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(principal, "", grantedAuths);
WebAuthenticationDetails webDetails = new WebAuthenticationDetails(httpRequest);
authentication.setDetails(webDetails);
return authentication;
}
Aggregations