That's pretty much the fix that I put in earlier today - the same issue was raised in the forums yesterday
http://forum.springframework.org/showthread.php?t=25430 and in Jira as SEC-281. Sorry it wasn't spotted earlier. Perhaps we should change the Spring maven dependency back to 1.2.8 to detect this kind of thing? Luke. Ben Munat wrote: > Thanks for entering the jira issue for me! I pulled from svn and built my own > jar with only two changes and I think it's > working now (the client hasn't called to complain yet :-) ). > > All I did was change two places that use EmptyResultDataAccessException to > use the next superclass up, which is > IncorrectResultSizeDataAccessException. The two classes that I changed were > FilterBasedLdapUserSearch (imports and line > 126) and LdapTemplate (imports and line 248). > > I don't know if this would be a suitable fix for the general population, but > it seems pretty self contained. The > LdapTemplate throws and the FilterBasedLdapUserSearch catches it and rethrows > as a UsernameNotFoundException. I think > this change would be fine for general release, but the author of the code > should definitely make that call. > > Thanks for the quick response. > > Ben > > PS: I just heard from the client and they're back in business with my patched > jar. > > -- Luke Taylor. Monkey Machine Ltd. PGP Key ID: 0x57E9523C http://www.monkeymachine.ltd.uk _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
