LdapUserDetailsManager - Should createUser wipe out Authorities before bind?
This topic is closed

  • LdapUserDetailsManager - Should createUser wipe out Authorities before bind?

    We have run across an issue when attempting to create a new user.

    First, all authorities are wiped out for the user, THEN the bind is attempted.

    If the bind fails because the user already exists, this leaves us with a user with no authorities.

    Here is the code in LdapUserDetailsManager:

        public void createUser(UserDetails user) {
            DirContextAdapter ctx = new DirContextAdapter();
            copyToContext(user, ctx);
            DistinguishedName dn = usernameMapper.buildDn(user.getUsername());
            // Check for any existing authorities which might be set for this DN
            GrantedAuthority[] authorities = getUserAuthorities(dn, user.getUsername());
            if (authorities.length > 0) {
                removeAuthorities(dn, authorities);
            }
            logger.debug("Creating new user '" + user.getUsername() + "' with DN '" + dn + "'");
            template.bind(dn, ctx, null);
            addAuthorities(dn, user.getAuthorities());
        }

    Would there be any harm in moving the removeAuthorities call after the template.bind call?

  • #2
    I guess that would probably be more sensible, since the user might already exist.

    Could you open an issue in Jira, please?
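
The ordering problem discussed in this thread, reproduced as an added example that is not part of the original posts and is not Spring Security code. It uses an in-memory stand-in for the directory (the class, its method names and the sample DN are hypothetical, and the JNDI `NameAlreadyBoundException` stands in for the bind failure) to call create for a user that already exists under both orderings.

```java
import java.util.*;
import javax.naming.NameAlreadyBoundException;

// Constructed in-memory stand-in for the directory; none of this is Spring Security code.
public class CreateUserOrdering {
    static final Set<String> entries = new HashSet<>();                  // bound user DNs
    static final Map<String, Set<String>> authorities = new HashMap<>(); // DN -> granted authorities

    interface Creator { void create(String dn, Set<String> auths) throws NameAlreadyBoundException; }

    // Like an LDAP bind, this fails when the DN is already present.
    static void bind(String dn) throws NameAlreadyBoundException {
        if (!entries.add(dn)) throw new NameAlreadyBoundException(dn);
    }

    // Ordering quoted in the post: existing authorities are removed before the bind.
    static void removeThenBind(String dn, Set<String> auths) throws NameAlreadyBoundException {
        authorities.remove(dn);
        bind(dn);                                  // a duplicate fails here, after the wipe
        authorities.put(dn, new TreeSet<>(auths));
    }

    // Ordering proposed in the post: bind first, so a failed bind leaves state untouched.
    static void bindThenRemove(String dn, Set<String> auths) throws NameAlreadyBoundException {
        bind(dn);
        authorities.remove(dn);                    // clears stale memberships for a new DN
        authorities.put(dn, new TreeSet<>(auths));
    }

    // Calls create for a user that already exists and returns what that user is left with.
    static Set<String> authoritiesAfterDuplicateCreate(Creator creator) {
        entries.clear();
        authorities.clear();
        String dn = "uid=alice,ou=people,dc=example,dc=org"; // constructed sample DN
        entries.add(dn);
        authorities.put(dn, new TreeSet<>(Set.of("ROLE_ADMIN", "ROLE_USER")));
        try {
            creator.create(dn, Set.of("ROLE_USER"));
        } catch (NameAlreadyBoundException e) {
            System.out.println("bind rejected, entry already exists: " + e.getMessage());
        }
        return authorities.getOrDefault(dn, Set.of());
    }

    public static void main(String[] args) {
        System.out.println("remove-then-bind leaves: " + authoritiesAfterDuplicateCreate(CreateUserOrdering::removeThenBind));
        System.out.println("bind-then-remove leaves: " + authoritiesAfterDuplicateCreate(CreateUserOrdering::bindThenRemove));
    }
}
```

With the remove-then-bind ordering the existing user is left with an empty authority set; with bind-then-remove the rejected bind leaves the original authorities in place.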