Active Directory schemas often come with a plethora of customizations to cater to the specific requirements of an organization.

The sample code snippet below can be used in a Bean Shell Permission to retrieve the values of a custom user object attribute and use them in your permission logic.

This guide is applicable to all permission types, e.g. Form Permission, UI Category Permission, etc.

import java.util.Map;
import javax.naming.directory.Attributes;
import org.joget.directory.model.User;
import org.joget.plugin.ldap.model.UserLDAPImpl;

public boolean isAuthorized(User user, Map params) {

    // 'user' parameter is current user
    // 'user' parameter is of User object, UserLDAPImpl extends User

    // Check if current user is not anonymous & current user belongs to AD user
    if (user != null && user instanceof UserLDAPImpl) {

        // Cast 'user' object to UserLDAPImpl
        UserLDAPImpl ldapUser = (UserLDAPImpl) user;

        // Re-use method getAttributes() to get user details
        Attributes attrs = ldapUser.getAttributes();

        //Change the attribute name here to suit your requirements
        String attributeName = "cn";
        if (attrs != null && attrs.get(attributeName) != null) {

            //This is how to retrieve attribute values (get() returns the first value)
            Object attributeValue = attrs.get(attributeName).get();

            // Perform your permission logic for AD users here
        }
    } else if (user != null && !(user instanceof UserLDAPImpl)) {
        // Handle permission logic for non-AD users
    } else {
        return false;
    }

    // Deny by default when none of the permission logic above has returned true
    return false;
}

//call isAuthorized method with injected variable
return isAuthorized(user, requestParams);
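
One way to fill in the "permission logic for AD users" step is to compare every value of the attribute against an allow-list and deny on any missing attribute or lookup error. This is an added example, not Joget's own code: the class name, the helper `hasAllowedValue`, the `department` attribute and the sample values are assumptions, and the attributes are constructed with `BasicAttributes` so it runs outside Joget.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

public class AttributePermissionExample {

    // Hypothetical helper: true only if at least one value of the named
    // attribute is in the allow-list (allow-list entries must be lower case).
    static boolean hasAllowedValue(Attributes attrs, String attributeName, Set allowed) {
        Attribute attr = (attrs == null) ? null : attrs.get(attributeName);
        if (attr == null) {
            return false; // attribute not set on this user: deny
        }
        try {
            // AD attributes can be multi-valued, so check every value
            NamingEnumeration values = attr.getAll();
            while (values.hasMore()) {
                Object value = values.next();
                // Binary attributes are returned as byte[]; compare strings only
                if (value instanceof String
                        && allowed.contains(((String) value).trim().toLowerCase())) {
                    return true;
                }
            }
        } catch (NamingException e) {
            return false; // directory lookup failed: fail closed
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for ldapUser.getAttributes()
        Attributes attrs = new BasicAttributes(true); // true = ignore name case
        Attribute dept = new BasicAttribute("department");
        dept.add("Finance");
        dept.add("Audit");
        attrs.put(dept);
        Set allowed = new HashSet(Arrays.asList("audit", "security"));
        System.out.println(hasAllowedValue(attrs, "department", allowed));
        System.out.println(hasAllowedValue(attrs, "title", allowed));
    }
}
```

Raw collection types are used so the helper method can be pasted into the Bean Shell script and called with `ldapUser.getAttributes()`.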
