Using Active Directory with Broadleaf Commerce
Broadleaf Commerce, an enterprise-class, open source eCommerce framework, is built on the Spring Framework. As such, Spring Security is a natural choice to provide security for Broadleaf Commerce, even when using an authentication mechanism like Active Directory. Broadleaf Commerce provides a few entities that make up the basic domain and foundation for security. These entities include:
AdminUser (representing a user of the administrative portal)
AdminRole (a named entity representing a mapping of AdminUser to multiple AdminPermissions)
AdminPermission (a named entity representing a specific Broadleaf permission)
With this configuration you can manage security quite effectively from the Broadleaf database, requiring administrators to log in and gain access to features of the administrative console depending on their roles. However, many companies wish to maintain user credentials and roles in an LDAP server. Active Directory is a very popular LDAP server for many organizations. So how can one use Active Directory to authenticate and authorize administrative users in Broadleaf Commerce?
The answer goes back to Spring Security. Spring Security provides an LDAP module. It also provides an extension to specifically deal with Active Directory. It is a simple matter of configuration to secure the application with Spring Security and Active Directory. However, we need the principal and roles that are returned from LDAP to map to Broadleaf-specific users. In order to facilitate this, Broadleaf has implemented a bean called BroadleafActiveDirectoryUserDetailsMapper and a Servlet Filter called AdminExternalLoginStateFilter.
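The wiring described above, as an added illustration rather than configuration shipped by Broadleaf: Spring Security's Active Directory provider hands each authenticated LDAP entry to the Broadleaf mapper, and the state filter sits behind the form login. The package names for the two Broadleaf classes, the domain, the LDAPS URL and the role name are assumptions, not taken from the page.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Illustrative Spring Security XML wiring (not Broadleaf's shipped config). -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Spring Security's AD provider binds as the user who is logging in
         (user@domain), so no service account password has to be stored.
         Use ldaps:// so the bind credentials are not sent in clear text.
         "example.corp" and the URL are placeholders. -->
    <bean id="adAuthenticationProvider"
          class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
        <constructor-arg value="example.corp"/>
        <constructor-arg value="ldaps://ad.example.corp:636/"/>
        <!-- The mapper turns the AD principal and its group memberships
             into Broadleaf AdminUser / AdminRole data. -->
        <property name="userDetailsContextMapper" ref="blActiveDirectoryUserDetailsMapper"/>
    </bean>

    <!-- Assumed package; the page names only the class. -->
    <bean id="blActiveDirectoryUserDetailsMapper"
          class="org.broadleafcommerce.openadmin.server.security.ldap.BroadleafActiveDirectoryUserDetailsMapper"/>

    <!-- Assumed package; keeps the admin session in step with the
         externally authenticated principal. -->
    <bean id="blAdminExternalLoginStateFilter"
          class="org.broadleafcommerce.openadmin.web.filter.AdminExternalLoginStateFilter"/>

    <sec:authentication-manager alias="blAdminAuthenticationManager">
        <!-- Only the AD provider is registered: no database fallback, so an
             account disabled in AD cannot still sign in with an old local password. -->
        <sec:authentication-provider ref="adAuthenticationProvider"/>
    </sec:authentication-manager>

    <sec:http pattern="/admin/**" use-expressions="true"
              authentication-manager-ref="blAdminAuthenticationManager">
        <sec:intercept-url pattern="/admin/login" access="permitAll"/>
        <!-- ROLE_ADMIN is a placeholder; the granted role names come from the mapper. -->
        <sec:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
        <sec:form-login login-page="/admin/login"/>
        <sec:custom-filter ref="blAdminExternalLoginStateFilter" after="FORM_LOGIN_FILTER"/>
    </sec:http>
</beans>
```

Verify after deployment that a user whose AD account is disabled, or who has been removed from the mapped group, is refused at the admin login rather than falling through to a cached local credential.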