public class ReadOnlyLDAPGroupRestriction extends Object

Encapsulates the information required to restrict users to LDAP groups or roles. Instances of this type are populated from the contents of the <users-store> configuration child-element <restriction>.

See Also: ReadOnlyUsersLDAPRepository, ReadOnlyLDAPUser

Constructor and Description |
---|
ReadOnlyLDAPGroupRestriction(org.apache.commons.configuration.HierarchicalConfiguration configuration) Initialises an instance from the contents of a <restriction> configuration XML element. |

Modifier and Type | Method and Description |
---|---|
protected Map<String,Collection<String>> | getGroupMembershipLists(LdapContext ldapContext) Returns the distinguished-names (DNs) of all the members of the groups specified in the restriction list. |
protected boolean | isActivated() Indicates if group/role-based restriction is enabled for the user-store, based on the information encapsulated in the instance. |
String | toString() Converts an instance of this type to a string. |

public ReadOnlyLDAPGroupRestriction(org.apache.commons.configuration.HierarchicalConfiguration configuration)

Initialises an instance from the contents of a <restriction> configuration XML element.

Parameters:
configuration - The avalon configuration instance that encapsulates the contents of the <restriction> XML element.

Throws:
ConfigurationException - If an error occurs extracting values from the configuration element.

protected boolean isActivated()

Returns:
True if the list of group/role distinguished names is not empty, and false otherwise.

public String toString()

protected Map<String,Collection<String>> getGroupMembershipLists(LdapContext ldapContext) throws NamingException

"<groupDN>=<[userDN1,userDN2,...,userDNn]>". Put differently, each groupDN is associated with a list of userDNs.

Parameters:
connection - The connection to the LDAP directory server.

Throws:
NamingException - Propagated from underlying LDAP communication layer.

Copyright © 2002-2012 The Apache Software Foundation. All Rights Reserved.
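
How a map of the shape described for getGroupMembershipLists (each groupDN associated with a list of userDNs) could be used to decide whether a user falls inside the restriction. This is an added example, not part of the James source or of this Javadoc. The class GroupRestrictionCheck, the method isPermitted and the sample DNs are assumptions made for the illustration; DNs are compared as javax.naming.ldap.LdapName values rather than raw strings, and a value that does not parse as a DN is denied.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Added illustration; class and method names are hypothetical, not James API.
public class GroupRestrictionCheck {

    // True if userDN is a member of at least one group in the map.
    // DNs are compared as parsed LdapName values, so differences in
    // letter case and spacing after commas do not cause a missed match.
    static boolean isPermitted(Map<String, Collection<String>> memberships, String userDN) {
        LdapName candidate;
        try {
            candidate = new LdapName(userDN);
        } catch (InvalidNameException e) {
            return false; // fail closed on a value that is not a DN
        }
        for (Collection<String> members : memberships.values()) {
            for (String member : members) {
                try {
                    if (candidate.equals(new LdapName(member))) {
                        return true;
                    }
                } catch (InvalidNameException e) {
                    // skip a malformed directory entry rather than match on it
                }
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data in the "<groupDN>=<[userDN1,...,userDNn]>" shape.
        Map<String, Collection<String>> memberships = new LinkedHashMap<>();
        memberships.put("cn=mail-users,ou=groups,dc=example,dc=org", Arrays.asList(
                "uid=alice,ou=people,dc=example,dc=org",
                "uid=bob,ou=people,dc=example,dc=org"));
        memberships.put("cn=admins,ou=groups,dc=example,dc=org", Arrays.asList(
                "uid=carol,ou=people,dc=example,dc=org"));

        System.out.println(isPermitted(memberships, "UID=Alice, OU=People, DC=example, DC=org"));
        System.out.println(isPermitted(memberships, "uid=mallory,ou=people,dc=example,dc=org"));
        System.out.println(isPermitted(memberships, "alice"));
    }
}
```

The first lookup differs from the stored member DN only in case and spacing, which a plain String.equals comparison would treat as a different user.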