Go ahead and send me what you've got.
With regards to your proposed changes: I have had a similar thought in
the past, but put it aside, at least until I can finish the LDAP DAO
stuff (and become more familiar with the internals of Acegi). If you
want, I am willing to go along with your suggestion as an initial way of
implementing this. Longer term (probably post 1.0) I would like to see
a division between validating user credentials and retrieving user
role/permission information so that it could be a more generalized
feature of Acegi, but I really haven't spent any time thinking about how
to actually do this.
Joseph Dane wrote:
I can go ahead and send you the changes I made. but before I do that,
I'd like to ask for some advice.
what's needed here is something which will do authentication against
LDAP first, but will also delegate to some other provider in case the
LDAP authentication fails. my first attempt at this was to use two
totally distinct providers, but it seems that Acegi will only use the
first provider that claims to support a given Authentication. so that
was out.
since that didn't work, I decided to change loadByUsernameAndPassword
to something like this:
    public UserDetails loadUserByUsernameAndPassword(String username, String password)
            throws DataAccessException, BadCredentialsException {
        if ((password == null) || (password.length() == 0)) {
            throw new BadCredentialsException("Empty password");
        }
        UserDetails user = null;
        try {
            user = doLdapAuthentication(username, password);
        }
        catch (Exception e) {
            e.printStackTrace();
        }
        if (user == null) {
            user = doLocalAuthentication(username, password);
        }
        return user;
    }

    protected UserDetails doLdapAuthentication(String username, String password) {
        // actual LDAP authentication ...
        ...
    }

    protected UserDetails doLocalAuthentication(String username, String password) {
        return null;
    }
the idea being that subclasses could override doLocalAuthentication to
do whatever they need to do in that case.
this works, but it means that your LDAP authentication bean has to also
know about the "local" authentication details, password encoder, salt
source, etc., which seems less than ideal.
anyhow, if anyone has any suggestions about this (which really has
nothing to do with LDAP) then I can try incorporating them into my
changes before sending them back to you. if I don't hear anything by
tomorrow, I'll go ahead and send you what I've got.
--
Robert r. Sanders
Chief Technologist
iPOV
(334) 821-5412
www.ipov.net
_______________________________________________
Home: http://acegisecurity.sourceforge.net
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
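
The fallback discussed in this thread can also be written as a chain of independent password sources, so that the LDAP bean needs no knowledge of the local store's encoder or salt and a directory outage is logged separately from a rejected password. This is an added example, not code from the thread or from Acegi: PasswordDao, ChainedPasswordDao and the exception class are local stand-ins, and the two sources in main are constructed.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class FallbackAuthDemo {
    static class BadCredentialsException extends RuntimeException {
        BadCredentialsException(String msg) { super(msg); }
    }

    /** Stand-in for a password-checking DAO: returns the principal or throws. */
    interface PasswordDao { String authenticate(String username, String password); }

    /** Tries each named source in order; no source knows about the others. */
    static class ChainedPasswordDao implements PasswordDao {
        private final Map<String, PasswordDao> sources;
        ChainedPasswordDao(Map<String, PasswordDao> sources) { this.sources = sources; }
        public String authenticate(String username, String password) {
            if (password == null || password.isEmpty()) {
                throw new BadCredentialsException("Empty password");
            }
            for (Map.Entry<String, PasswordDao> s : sources.entrySet()) {
                try {
                    return s.getValue().authenticate(username, password) + "@" + s.getKey();
                } catch (BadCredentialsException e) {
                    System.err.println(s.getKey() + ": rejected " + username);
                } catch (RuntimeException e) {
                    // Source down or misconfigured: log it, then try the next one.
                    System.err.println(s.getKey() + ": unavailable (" + e.getMessage() + ")");
                }
            }
            throw new BadCredentialsException("No source accepted the credentials");
        }
    }

    public static void main(String[] args) {
        Map<String, PasswordDao> sources = new LinkedHashMap<>();
        // Constructed sources: "ldap" simulates an unreachable directory.
        sources.put("ldap", (u, p) -> { throw new IllegalStateException("connection refused"); });
        sources.put("local", (u, p) -> {
            if ("admin".equals(u) && "s3cret".equals(p)) return u;
            throw new BadCredentialsException("Bad local credentials");
        });
        PasswordDao chain = new ChainedPasswordDao(sources);
        System.out.println(chain.authenticate("admin", "s3cret"));
        try { chain.authenticate("admin", "wrong"); }
        catch (BadCredentialsException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```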