LdapPasswordAuthenticationDao assumes rolesAttributes
This topic is closed

  • LdapPasswordAuthenticationDao assumes rolesAttributes

    I am using an LDAP server that doesn't have any roles defined. We are just using the LDAP server for authentication. The LdapPasswordAuthenticationDao code assumes that there have to be roles existing.

    I may not understand enough about LDAP, but it seems to me that it is not unreasonable to be able to just authenticate a user.

    To be able to support this use case I had to add a check for rolesAttributes length at line 235:

    if (roles.isEmpty() && rolesAttributes.length > 0)

    and also surround the log.debug statement at line 337:
    if (rolesString.length() > 0) {
        log.debug("Searching user context '" + userContext + "' for roles "
                + "attributes: " + rolesString.substring(1));
    }

    Does this sound like a change that should be made to the class before it is included in a release version of Acegi?

  • #2
    I am now working on extensively updating the LdapPasswordAuthenticationDao code. I just checked in a much overhauled version which has a property "defaultRole" which, if set (to anything non-null), avoids the BadCredentialsException. I am open to other suggestions: for instance, maybe there should be a simple boolean flag here.


    • #3
      Thanks a lot, rrsIPOV, that will cover the changes I needed in the earlier version.
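
Added example, not part of the thread and not Acegi's own code: a stand-alone Java sketch of the two behaviours discussed above, the empty-roles check guarded by `rolesAttributes.length` and the `defaultRole` fallback, plus the length guard that keeps `substring(1)` from throwing on an empty string. The class, method and exception names are hypothetical, and adding the default role whenever it is non-null is an assumption about how the property behaves.

```java
import java.util.ArrayList;
import java.util.List;

// Added sketch; names are hypothetical stand-ins, not Acegi's API.
public class RoleResolutionSketch {

    /** Stand-in for Acegi's BadCredentialsException. */
    static class BadCredentials extends RuntimeException {
        BadCredentials(String msg) { super(msg); }
    }

    /** Authorities for a user whose LDAP bind has already succeeded. */
    static List<String> resolve(List<String> found, String[] rolesAttributes, String defaultRole) {
        List<String> roles = new ArrayList<>(found);
        if (defaultRole != null) {
            roles.add(defaultRole); // assumption: granted to every authenticated user
        }
        // Reject only when role attributes were configured but yielded nothing.
        if (roles.isEmpty() && rolesAttributes.length > 0) {
            throw new BadCredentials("user has no roles");
        }
        return roles;
    }

    /** Debug text; without the length guard, substring(1) throws on an empty string. */
    static String describe(String userContext, String[] rolesAttributes) {
        StringBuilder rolesString = new StringBuilder();
        for (String attr : rolesAttributes) {
            rolesString.append(',').append(attr);
        }
        if (rolesString.length() > 0) {
            return "Searching user context '" + userContext + "' for roles attributes: "
                    + rolesString.substring(1);
        }
        return "No roles attributes configured for user context '" + userContext + "'";
    }

    public static void main(String[] args) {
        String[] none = {};                 // authentication-only directory
        String[] memberOf = {"memberOf"};   // constructed sample attribute name
        String ctx = "ou=people,dc=example,dc=org"; // constructed sample context
        System.out.println(resolve(List.of(), none, null));
        System.out.println(resolve(List.of(), memberOf, "ROLE_USER"));
        System.out.println(describe(ctx, none));
        try {
            resolve(List.of(), memberOf, null);
        } catch (BadCredentials e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With a default role configured, every account that can bind to the directory receives that role, so it should carry only the permissions that any authenticated user is meant to have.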