Finally, once the LDAP lookup has assigned the user a set of GrantedAuthority
objects, o.s.s.ldap.userdetails.LdapUserDetailsMapper
will consult o.s.s.ldap.userdetails.UserDetailsContextMapper
to retrieve any additional details to populate the UserDetails
object for application use.
With <ldap-authentication-provider>
, we've configured to this point that LdapUserDetailsMapper
will be used to populate a UserDetails
object with information gleaned from the user's entry in the LDAP directory.
We'll see in a moment how UserDetailsContextMapper
can be configured to pull a wealth of information from the standard LDAP person
and inetOrgPerson
objects. With the baseline LdapUserDetailsMapper
, little more than username, password, and GrantedAuthority
is stored.
Although there is more machinery involved behind the scenes in LDAP user authentication and detail retrieval, you'll notice that the overall process seems somewhat similar (authenticating the...