public final class ActiveDirectoryLdapAuthenticationProvider extends AbstractLdapAuthenticationProvider
It will authenticate using the Active Directory userPrincipalName (in the form username@domain). If the username does not already end with the domain name, the userPrincipalName will be built by appending the configured domain name to the username supplied in the authentication request. If no domain name is configured, it is assumed that the username will always contain the domain name.

The user authorities are obtained from the data contained in the memberOf attribute.

If the convertSubErrorCodesToExceptions property is set to true, the AD-specific error codes will also be used to control the exception raised.

Fields inherited from class AbstractLdapAuthenticationProvider: logger, messages, userDetailsContextMapper

| Constructor and Description |
|---|
| ActiveDirectoryLdapAuthenticationProvider(String domain, String url) |
| Modifier and Type | Method and Description |
|---|---|
| protected DirContextOperations | doAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken auth) |
| protected Collection<? extends org.springframework.security.core.GrantedAuthority> | loadUserAuthorities(DirContextOperations userData, String username, String password) Creates the user authority list from the values of the memberOf attribute obtained from the user's Active Directory entry. |
| void | setConvertSubErrorCodesToExceptions(boolean convertSubErrorCodesToExceptions) By default, a failed authentication (LDAP error 49) will result in a BadCredentialsException. |
Methods inherited from class AbstractLdapAuthenticationProvider: authenticate, createSuccessfulAuthentication, getUserDetailsContextMapper, setAuthoritiesMapper, setMessageSource, setUseAuthenticationRequestCredentials, setUserDetailsContextMapper, supports

Method Detail

doAuthentication

protected DirContextOperations doAuthentication(org.springframework.security.authentication.UsernamePasswordAuthenticationToken auth)

Specified by: doAuthentication in class AbstractLdapAuthenticationProvider

loadUserAuthorities

protected Collection<? extends org.springframework.security.core.GrantedAuthority> loadUserAuthorities(DirContextOperations userData, String username, String password)

Creates the user authority list from the values of the memberOf attribute obtained from the user's Active Directory entry.

Specified by: loadUserAuthorities in class AbstractLdapAuthenticationProvider

setConvertSubErrorCodesToExceptions

public void setConvertSubErrorCodesToExceptions(boolean convertSubErrorCodesToExceptions)

By default, a failed authentication (LDAP error 49) will result in a BadCredentialsException. If this property is set to true, the exception message from a failed bind attempt will be parsed for the AD-specific error code and a CredentialsExpiredException, DisabledException, AccountExpiredException or LockedException will be thrown for the corresponding codes. All other codes will result in the default BadCredentialsException.

Parameters: convertSubErrorCodesToExceptions - true to raise an exception based on the AD error code.
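An added usage example, not taken from the Spring Security sources: it builds the provider with a constructed domain and LDAPS URL, enables convertSubErrorCodesToExceptions, and classifies the resulting exceptions for server-side audit logging. The package name of the provider and the constructed domain/URL are assumptions; the point of the classifier is that the finer-grained exceptions are valuable for operators and alerting, while the message returned to the client should stay generic so the login form does not disclose which accounts are locked, disabled or expired.

```java
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
// Assumed package of the provider (current Spring Security layout).
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

public final class AdAuthenticationExample {

    // Constructed values: replace with the real domain and the LDAPS URL of a domain controller.
    static final String DOMAIN = "corp.example.com";
    static final String URL = "ldaps://dc1.corp.example.com:636";

    /** Builds the provider with AD sub-error-code conversion enabled. */
    static ActiveDirectoryLdapAuthenticationProvider buildProvider() {
        ActiveDirectoryLdapAuthenticationProvider provider =
                new ActiveDirectoryLdapAuthenticationProvider(DOMAIN, URL);
        // A user named "alice" is bound as "alice@corp.example.com"; a username that
        // already ends with the domain is used as-is.
        // With this flag, a bind failure carrying an AD sub-error code surfaces as
        // CredentialsExpiredException, DisabledException, AccountExpiredException
        // or LockedException; every other failure stays a BadCredentialsException.
        provider.setConvertSubErrorCodesToExceptions(true);
        return provider;
    }

    /** Category written to the server-side audit log for a failed authentication. */
    static String auditCategory(AuthenticationException ex) {
        if (ex instanceof LockedException) return "ACCOUNT_LOCKED";
        if (ex instanceof DisabledException) return "ACCOUNT_DISABLED";
        if (ex instanceof AccountExpiredException) return "ACCOUNT_EXPIRED";
        if (ex instanceof CredentialsExpiredException) return "PASSWORD_EXPIRED";
        if (ex instanceof BadCredentialsException) return "BAD_CREDENTIALS";
        return "OTHER";
    }

    /**
     * Message returned to the caller. It is deliberately the same for every
     * category above: account state is logged, not echoed back to the client.
     */
    static String clientMessage() {
        return "Invalid username or password";
    }
}
```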