LdapUserDetailsManager - Should createUser wipe out Authorities before bind?

  • LdapUserDetailsManager - Should createUser wipe out Authorities before bind ?

    We have run across an issue when attempting to create a new user.

    First, all authorities are wiped out for the user, THEN the bind is attempted.

    If the bind fails because the user already exists, this leaves us with a user with no authorities.

    Here is the code in LdapUserDetailsManager:

    Code:
        public void createUser(UserDetails user) {
            DirContextAdapter ctx = new DirContextAdapter();
            copyToContext(user, ctx);
            DistinguishedName dn = usernameMapper.buildDn(user.getUsername());
            // Check for any existing authorities which might be set for this DN
            GrantedAuthority[] authorities = getUserAuthorities(dn, user.getUsername());
    
            if(authorities.length > 0) {
                removeAuthorities(dn, authorities);
            }
    
            logger.debug("Creating new user '"+ user.getUsername() + "' with DN '" + dn + "'");
    
            template.bind(dn, ctx, null);
    
            addAuthorities(dn, user.getAuthorities());
        }

    Would there be any harm in moving the removeAuthorities call after the template.bind call?

  • #2
    I guess that would probably be more sensible, since the user might already exist.

    Could you open an issue in Jira, please?
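
The ordering problem discussed in this thread, as an added example that is not part of the original posts and is not Spring Security code: an in-memory stand-in for the directory shows what a rejected duplicate create leaves behind under each ordering. The class, its methods, the sample DN and the role names are all hypothetical.

```java
import java.util.*;

// Added illustration: an in-memory stand-in for the directory, not Spring Security code.
public class CreateUserOrdering {
    static final Set<String> entries = new HashSet<>();              // bound user DNs
    static final Map<String, Set<String>> groups = new HashMap<>();  // DN -> authorities

    // Mimics template.bind(): fails if the entry already exists.
    static void bind(String dn) {
        if (!entries.add(dn)) throw new IllegalStateException("entry already exists: " + dn);
    }

    // Ordering from the post: authorities are removed before the bind is attempted.
    static void createUserWipeFirst(String dn, Set<String> authorities) {
        groups.remove(dn);
        bind(dn);
        groups.put(dn, new HashSet<>(authorities));
    }

    // Proposed ordering: bind first, so a failed bind changes nothing.
    static void createUserBindFirst(String dn, Set<String> authorities) {
        bind(dn);
        groups.remove(dn); // clear stale memberships left over for this DN
        groups.put(dn, new HashSet<>(authorities));
    }

    // Seeds an existing admin, attempts a duplicate create, returns what the user has left.
    static Set<String> authoritiesAfterDuplicateCreate(boolean wipeFirst) {
        entries.clear();
        groups.clear();
        String dn = "uid=alice,ou=people"; // constructed sample DN
        entries.add(dn);
        groups.put(dn, new HashSet<>(Set.of("ROLE_ADMIN")));
        try {
            if (wipeFirst) createUserWipeFirst(dn, Set.of("ROLE_USER"));
            else createUserBindFirst(dn, Set.of("ROLE_USER"));
        } catch (IllegalStateException expected) {
            // the duplicate create is rejected under both orderings
        }
        return groups.getOrDefault(dn, Set.of());
    }

    public static void main(String[] args) {
        System.out.println("wipe-first: " + authoritiesAfterDuplicateCreate(true));
        System.out.println("bind-first: " + authoritiesAfterDuplicateCreate(false));
    }
}
```

Bind-first only protects against the failed-bind case raised here; the bind and the authority updates are still separate operations, so a failure between them needs its own handling.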
