Re: [Acegisecurity-developer] LdapAuthenticationProvider and Chaining Providers

[Tyler Nelson]

Hi Ben,
 I will look at additionalAuthenticationChecks, somehow i missed that. 
What I did on Friday was create a new Provider that takes multiple Providers and requires that all "nested" providers authenticate correctly.

 This nested provider solution or additionalAuthenticationChecks can solve my current requirement. However the nested provider solution can add extra complexity to the app context, but does allows for  nice flexibility to handle different authentication scenarios.

I have included a slice of the app context for the nested provider test to give you an idea of the change.

What's your thought? Is this a valid a solution? Do you think there will be any problems if i stay with this approach.

Thanks again,
  Tyler

<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
      <property name="providers">
              <list>
                  <bean class="org.example.providers.NestedAuthenticationProvider">
                      <property name="providers">
                           <list>
                             <ref local="ldapAuthenticationProvider"/>
                            <ref local="daoAuthenticationProvider"/>
                         </list>
                      </property>
                  </bean>
                  <ref local="anonymousAuthenticationProvider" />
              </list>
      </property>
   </bean>

 

On 2/6/06, Ben Alex < [EMAIL PROTECTED]> wrote:

Tyler Nelson wrote:
> The provider manager seems to only need one provider to authenticate,
> not all . What would be the suggested way to handle this situation.
> besides extending ProviderManager?
Could you subclass LdapAuthenticationProvider and override
additionalAuthenticationChecks?

For the benefit of the archives, "chaining" usually means trying one
AuthenticationProvider and then another if the first fails to
authenticate. ProviderManager can do this out-of-the-box. What Tyler is
trying to do involves a single AuthenticationProvider requiring
information stored in two different places (LDAP and RDBMS), so it needs
a subclass.

Cheers
Ben


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer