I've been going over the LDAP DAO stuff, and I thought I'd send some
notes out before I actually start any work. Which isn't,
unfortunately, to say that I positively will be able to work on this.
Time constraints, and all that. Also, I know that the current state
is meant to be a simplification of some of the previous work, which I
agree was necessary, but I think we need to at least enable some of
the different ways people use LDAP.

Also, I should be clear that the particular situation in which I want
to use LDAP+Acegi might not be typical. I'm not really sure. I have
a situation where authentication is *mainly* performed via LDAP, but
where authorizations are mainly kept elsewhere. So I need a chance to
add authorities not represented in LDAP. I also need a way to perform
"fallback" authentication, in case LDAP is unavailable. I'd be happy
if the default setup read authorizations strictly from LDAP, and there
was no fallback authentication, but I do need them to be available.

So, with that, here are some notes:

1. The main class, LdapPasswordAuthenticationDao (which I'll just call
LPAD below) now inherits from an InitialDirContextFactoryBean. I
take it this superclass is meant to do the LDAP connection/search.
But there are many different strategies for this, and having a
single superclass doesn't seem like the best way to enable variant
approaches. I'd rather have a separate class which plugs into the
LDAP to do the search. We can provide a couple of concrete
implementations, including a "basic" bind, a "manager" search+bind,
and maybe something for AD.

2. The current LPAD has a getRolesFromContext() method which returns
String role names from an LDAP context. Perhaps we could have a
getRoles(), the default implementation of which delegates to
getRolesFromContext(), but which can be overridden.

3. If we included a stub method to attempt local authentication, my
requirement for a fallback auth method would be fulfilled.
Something like:

    public UserDetails loadUserByUsernameAndPassword(String u, String p)
    {
        // Try LDAP first.
        UserDetails user = loadLdap(u, p);
        if (user == null) {
            // LDAP produced no user, so attempt local authentication.
            user = loadLocally(u, p);
        }
        return user;
    }

That's it for now. Hopefully Robert and the other authors of the
sandbox version are around to comment on this. In any case, I'll try
to get some actual work done on this later this week.
--
joe
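
The pluggable bind class from note 1 and the fallback from note 3, as an added example (not part of the original message and not Acegi code); `PasswordAuthenticator`, `BasicBindAuthenticator`, `FallbackAuthenticator` and `Demo` are hypothetical names. It assumes the fallback should run only when LDAP cannot be reached, so a rejection from the directory stays final.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;
// Hypothetical strategy: true = accepted, false = rejected, exception = no answer.
interface PasswordAuthenticator {
    boolean authenticate(String username, String password) throws NamingException;
}

class BasicBindAuthenticator implements PasswordAuthenticator { // "basic" bind as the user's own DN
    private final String url, dnPattern; // e.g. "ldaps://ldap.example.org", "uid=%s,ou=people,dc=example,dc=org"
    BasicBindAuthenticator(String url, String dnPattern) { this.url = url; this.dnPattern = dnPattern; }
    public boolean authenticate(String username, String password) throws NamingException {
        if (password == null || password.isEmpty()) return false; // empty password = unauthenticated bind (RFC 4513), which may succeed
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Escape the username so it cannot change the structure of the DN.
        env.put(Context.SECURITY_PRINCIPAL, String.format(dnPattern, Rdn.escapeValue(username)));
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return true;
        } catch (AuthenticationException rejected) {
            return false; // the directory answered, and the answer was no
        }
    }
}

class FallbackAuthenticator implements PasswordAuthenticator { // local store only when LDAP cannot answer
    private final PasswordAuthenticator ldap, local;
    FallbackAuthenticator(PasswordAuthenticator ldap, PasswordAuthenticator local) { this.ldap = ldap; this.local = local; }
    public boolean authenticate(String username, String password) throws NamingException {
        try {
            return ldap.authenticate(username, password);
        } catch (CommunicationException | ServiceUnavailableException down) {
            return local.authenticate(username, password);
        }
    }
}

class Demo { // constructed stubs stand in for the directory and the local store
    public static void main(String[] args) throws NamingException {
        PasswordAuthenticator down = (u, p) -> { throw new CommunicationException("constructed outage"); };
        PasswordAuthenticator deny = (u, p) -> false, local = (u, p) -> true;
        System.out.println(new FallbackAuthenticator(down, local).authenticate("joe", "pw")); // LDAP down: local store decides
        System.out.println(new FallbackAuthenticator(deny, local).authenticate("joe", "pw")); // LDAP said no: local store not consulted
    }
}
```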