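/**
 *
 */
package org.springframework.security.ldap.authentication.ad;

/*-
 * #%L
 * thinkbig-security-auth-ldap
 * %%
 * Copyright (C) 2017 ThinkBig Analytics
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider;

import java.util.Collection;
import java.util.Collections;

/**
 * A decorator provider around an {@link ActiveDirectoryLdapAuthenticationProvider}, needed because the latter
 * has been declared final.  Allows disabling/enabling the loading of user group membership info after
 * successful authentication.
 * <p>
 * This class is declared in the same package as the delegate.  NOTE(review): the calls to the delegate's
 * {@code doAuthentication} and {@code loadUserAuthorities} presumably depend on same-package access to
 * non-public methods; confirm against the Spring Security version in use before moving this class.
 * <p>
 * Authorization caveat: when group loading is disabled, {@link #loadUserAuthorities} returns an empty
 * collection, so no authority derived from directory group membership is produced by this provider.  Any
 * access decision that depends on those groups must be fed from another source, or the provider must be
 * built with {@code groupsEnabled = true}.
 */
public class DelegatingActiveDirectoryLdapAuthenticationProvider extends AbstractLdapAuthenticationProvider {

    /** The wrapped Active Directory provider that performs the actual bind and group lookup. */
    private final ActiveDirectoryLdapAuthenticationProvider delegate;

    /** Whether authorities are loaded from the delegate after a successful authentication. */
    private final boolean groupsEnabled;

    /**
     * Creates a provider with group loading <em>disabled</em>.
     *
     * @param delegate the Active Directory provider to wrap; must not be null
     * @throws IllegalArgumentException if {@code delegate} is null
     */
    public DelegatingActiveDirectoryLdapAuthenticationProvider(ActiveDirectoryLdapAuthenticationProvider delegate) {
        this(delegate, false);
    }

    /**
     * Creates a provider wrapping the given delegate.
     *
     * @param delegate      the Active Directory provider to wrap; must not be null
     * @param groupsEnabled {@code true} to load authorities through the delegate, {@code false} to return
     *                      an empty authority collection for every authenticated user
     * @throws IllegalArgumentException if {@code delegate} is null
     */
    public DelegatingActiveDirectoryLdapAuthenticationProvider(ActiveDirectoryLdapAuthenticationProvider delegate,
                                                               boolean groupsEnabled) {
        super();
        // Fail at wiring time: a null delegate would otherwise only surface as a NullPointerException
        // on the first login attempt.
        if (delegate == null) {
            throw new IllegalArgumentException("delegate must not be null");
        }
        this.delegate = delegate;
        this.groupsEnabled = groupsEnabled;
    }

    /**
     * Authenticates by handing the token to the wrapped provider unchanged.
     *
     * @param auth the username/password token to authenticate
     * @return whatever the delegate's {@code doAuthentication} returns for this token
     * @see AbstractLdapAuthenticationProvider#doAuthentication(UsernamePasswordAuthenticationToken)
     */
    @Override
    protected DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken auth) {
        return this.delegate.doAuthentication(auth);
    }

    /**
     * Loads the authorities for an authenticated user, or none at all when group loading is disabled.
     *
     * @param userData the directory entry passed in by the caller
     * @param username the name of the authenticated user
     * @param password the submitted credential; forwarded to the delegate unchanged and not used here
     * @return the delegate's authorities when groups are enabled, otherwise an empty list
     * @see AbstractLdapAuthenticationProvider#loadUserAuthorities(DirContextOperations, String, String)
     */
    @Override
    protected Collection<? extends GrantedAuthority> loadUserAuthorities(DirContextOperations userData,
                                                                         String username,
                                                                         String password) {
        if (!this.groupsEnabled) {
            // Deliberate: the delegate is not consulted at all, so no group lookup is made.
            return Collections.emptyList();
        }
        return this.delegate.loadUserAuthorities(userData, username, password);
    }
}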