I am using an LDAP server that doesn't have any roles defined. We are just using the LDAP server for authentication. The LdapPasswordAuthenticationDao code assumes that there have to be roles existing.
I may not understand enough about LDAP but it seems to me that it is not unreasonable to be able to just authenticate a user.
To be able to support this use case I had to add a check for rolesAttributes length at line 235:
    if (roles.isEmpty() && rolesAttributes.length > 0)
and also surround the log.debug statement at line 337:
    if (rolesString.length() > 0) {
        log.debug("Searching user context '" + userContext + "' for roles "
                + "attributes: " + rolesString.substring(1));
    }
Does this sound like a change that should be made to the class before it is included in a release version of Acegi?


