diff --git a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
index 327f43d518c..b4a89397e47 100644
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -114,6 +114,22 @@ public void authenticationManagerWhenSearchSubtreeThenNestedGroupFound() throws
 this.mockMvc.perform(request).andExpect(expectedUser);
 }
 
+ @Test
+ public void authenticationManagerWhenNotConvertToUpperCaseThenRolesAreLowerCased() throws Exception {
+ this.spring.register(NotConvertToUpperCaseConfig.class).autowire();
+
+ // @formatter:off
+ SecurityMockMvcRequestBuilders.FormLoginRequestBuilder request = formLogin()
+ .user("ben")
+ .password("benspassword");
+ SecurityMockMvcResultMatchers.AuthenticatedMatcher expectedUser = authenticated()
+ .withUsername("ben")
+ .withAuthorities(
+ AuthorityUtils.createAuthorityList("role_managers", "role_developers"));
+ // @formatter:on
+ this.mockMvc.perform(request).andExpect(expectedUser);
+ }
+
 @EnableWebSecurity
 static class MultiLdapAuthenticationProvidersConfig extends WebSecurityConfigurerAdapter {
 
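Review bot: The test name `authenticationManagerWhenNotConvertToUpperCaseThenRolesAreLowerCased` and the expected authorities `role_managers`/`role_developers` describe lower-casing, while the Javadoc this commit adds to `convertToUpperCase` says role names "remain untouched" when the flag is false. Even the `role_` prefix is expected in lower case, and the visible lines do not show whether that comes from the directory fixture and `BaseLdapProviderConfig` or from a conversion step. If the intent is preservation, a name such as `authenticationManagerWhenConvertToUpperCaseFalseThenRoleCaseIsPreserved` and a comment like `// group names in the test directory are lower-case; no case conversion is applied` would pin the contract. Access rules compare authority strings exactly, so the test should leave no doubt about which case the application ends up with.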
@@ -193,4 +209,21 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 
 }
 
+ @EnableWebSecurity
+ static class NotConvertToUpperCaseConfig extends BaseLdapProviderConfig {
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ // @formatter:off
+ auth
+ .ldapAuthentication()
+ .groupSearchBase("ou=groups")
+ .groupSearchFilter("(member={0})")
+ .userDnPatterns("uid={0},ou=people")
+ .convertToUpperCase(false);
+ // @formatter:on
+ }
+
+ }
+
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
index ac956837b73..9bd15010686 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -70,6 +70,8 @@ public class LdapAuthenticationProviderConfigurer rolePrefix(String rolePrefix) { return this; } + /** + * If true, the role names are converted to uppercase letters. If false, the role + * names remain untouched. + * @param convertToUpperCase set to true to convert the role name to uppercase. + * @return the {@link LdapAuthenticationProviderConfigurer} for further customizations + */ + public LdapAuthenticationProviderConfigurer convertToUpperCase(boolean convertToUpperCase) { + this.convertToUpperCase = convertToUpperCase; + return this; + } + /** * Search base for user searches. Defaults to "". Only used with * {@link #userSearchFilter(String)}.
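Review bot: The Javadoc added for `convertToUpperCase(boolean)` states neither the default nor what the setting means for authorization. Authority strings are matched case-sensitively, so turning conversion off changes every authority built from a directory group, and rules written against upper-case names (for example through `hasRole` or `hasAuthority`) would stop matching. I would add `Defaults to true.` (presumably, since the field declaration is not visible here) and a sentence such as `When false, access rules must use the same case as the group names stored in the directory.` Part of this file's diff is missing on the page, because the `@@ -70,6 +70,8 @@` header runs straight into the tail of a later hunk, so the place where the flag is applied could not be reviewed.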