A drawback of the LDAP authentication approach is that roles and other user details are only retrieved from the LDAP server (it also breaks the user counter, because it casts to org.appfuse.model.User). You may want to define additional properties or assign roles that exist only in the application scope. For this purpose I extended the base LdapAuthenticationProvider to integrate with AppFuse and return User objects carrying merged data from the LDAP directory and the database.

LdapDbAuthenticationProvider

This class overrides the method createUserDetails() of the base Acegi LdapAuthenticationProvider. Two scenarios can occur:
  • User not in DB: A new user with the username, the password hash (to compensate for LDAP outages) and some default property values gets created.
  • User already in DB: The user is loaded from the DB and then enriched with the roles retrieved from the LDAP directory.
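The two scenarios above, written out as an added sketch that is not the post's own source. It assumes Acegi 1.0.x (where LdapAuthenticationProvider exposes createUserDetails(LdapUserDetails, String, String) and getAuthoritiesPopulator()), AppFuse 2.x's User (which implements UserDetails), Role and UserManager, and an injected PasswordEncoder matching the one AppFuse's database provider uses; check these against the versions you run.

```java
import org.acegisecurity.AuthenticationServiceException;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.providers.encoding.PasswordEncoder;
import org.acegisecurity.providers.ldap.LdapAuthenticationProvider;
import org.acegisecurity.providers.ldap.LdapAuthenticator;
import org.acegisecurity.providers.ldap.LdapAuthoritiesPopulator;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.acegisecurity.userdetails.ldap.LdapUserDetails;
import org.appfuse.model.Role;
import org.appfuse.model.User;
import org.appfuse.service.UserExistsException;
import org.appfuse.service.UserManager;

// Added example, not the post's code; see the lead-in for the assumed APIs.
public class LdapDbAuthenticationProvider extends LdapAuthenticationProvider {
    private UserManager userManager;          // wired from security.xml
    private PasswordEncoder passwordEncoder;  // must match AppFuse's DB provider
    private String defaultRole = "ROLE_USER"; // default role for first-time users

    public LdapDbAuthenticationProvider(LdapAuthenticator authenticator,
                                        LdapAuthoritiesPopulator populator) {
        super(authenticator, populator);
    }

    protected UserDetails createUserDetails(LdapUserDetails ldapUser,
                                            String username, String password) {
        // The LDAP bind has already succeeded; now merge with the DB record.
        User user;
        try {
            user = userManager.getUserByUsername(username);
        } catch (UsernameNotFoundException e) {
            user = null; // AppFuse 2 throws instead of returning null
        }
        if (user == null) {
            // Scenario 1: create a local record with defaults and a password hash,
            // so the DB provider can still authenticate during an LDAP outage.
            user = new User(username);
            user.setPassword(passwordEncoder.encodePassword(password, null));
            user.setEnabled(true);
            user.addRole(new Role(defaultRole));
            try {
                userManager.saveUser(user);
            } catch (UserExistsException e) {
                throw new AuthenticationServiceException("race creating " + username, e);
            }
        }
        // Scenario 2 (and newly created users): enrich the in-memory User with the
        // LDAP groups as roles; they are not persisted to the DB.
        GrantedAuthority[] ldapRoles = getAuthoritiesPopulator().getGrantedAuthorities(ldapUser);
        for (int i = 0; i < ldapRoles.length; i++) {
            user.addRole(new Role(ldapRoles[i].getAuthority()));
        }
        return user;
    }

    public void setUserManager(UserManager m) { this.userManager = m; }
    public void setPasswordEncoder(PasswordEncoder e) { this.passwordEncoder = e; }
}
```

Because the locally stored hash lets a user log in while LDAP is down, the DB provider's password checks (encoder, salt, account-disabled flags) now apply to LDAP users too, so keep both providers' encoder settings identical.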
Here's the actual source code of the class:

Changes to the User class

To modify the User class, you have to import the AppFuse core classes.

Change security.xml

In this file, the implementation of the ldapAuthenticationProvider has to be changed to the new class, and some additional properties need to be assigned: