Matt Raible wrote: > I just committed this class. If you'd like, I can certainly add you as > an author on this file.
Not a big deal, but sure, if you feel like it. :-) > Also, do you (or Dave) know the implications > of not populating the user's roles. Looking at the > AuthoritiesPopulator that Dave added, it looks like this would be > pretty easy to add. I'm not a guru on this, so my understanding may be off, but here's my take: in the case that I setup and described in my original email about all this, the users roles do get populated by the jdbcAuthenticationDao. The only reason I put that empty Populator in was because one of the other classes expected to be injected with a Populator and I wasn't sure what would happen if I didn't inject one. That's why the RollerPopulator I wrote is basically a NOP. But... and this is where it gets interesting... if someone is integrating with LDAP, and they want to somehow use role information from LDAP as opposed to what's in the Roller DB, then they would need to subclass that Populator (or write a new imlementation altogether) that would know how to talk to LDAP, get any relevant permission info and turn it into GrantedAuthority objects and add them to the user object. I should also mention that my understanding of this is based on the Roller 3.1 code, and may not reflect the new stuff you guys put in for dealing with Users / Authorization / etc. in the 4.x stream. TTYL, Phil
