I have defined two classes implementing @LdapIdentityStoreDefinition, but only the groups from the validating store are used. What am I missing?
Based on the configuration below and the Jakarta Tutorial, I expect the groups "USER" and "ROLE_1" for my authenticated user. Only group "USER" is listed.

***
* Jakarta Tutorial
***
https://jakartaee.github.io/jakartaee-documentation/jakartaee-tutorial/9.1/security/security-api/security-api.html#_overview_of_the_identity_store_interfaces

There is a built-in IdentityStoreHandler that implements a standard algorithm defined by Jakarta Security. The Jakarta Security specification provides a full description of the algorithm, but it can be roughly summarized as follows:

• Iterate over the available validating IdentityStores, in priority order, until the provided Credential is validated or there are no more IdentityStores.
• If the Credential was validated, iterate over the available group-providing IdentityStores, in priority order, aggregating the groups returned by each store.
• Return the validated caller and group information.

***
* LDAP Configuration
***
ou=groups,dc=example,dc=com contains
    cn=USERS
        uniqueMember= uid=myuser,ou=people,dc=example,dc=com

ou=roles,dc=example,dc=com contains
    cn=ROLE_1
        uniqueMember= uid=myuser,ou=people,dc=example,dc=com

***
* 1st LdapIdentityStoreDefinition
***
@LdapIdentityStoreDefinition(url = "ldap://localhost:10389", //
        bindDn = "uid=admin,ou=system", //
        bindDnPassword = "secret", //
        callerBaseDn = "ou=people, dc=example,dc=com", //
        callerNameAttribute = "uid", //
        groupSearchBase = "ou=groups,dc=example,dc=com", //
        groupMemberAttribute = "uniqueMember")
@ApplicationScoped
public class LdapIdentity {
}

***
* 1st LdapIdentityStoreDefinition
***
@LdapIdentityStoreDefinition(url = "ldap://localhost:10389", //
        bindDn = "uid=admin,ou=system", //
        bindDnPassword = "secret", //
        groupSearchBase = "ou=roles,dc=example,dc=com", //
        groupMemberAttribute = "uniqueMember",
        useFor = (ValidationType.PROVIDE_GROUPS),
        priority = 100)
@ApplicationScoped
public class RolesIdentity {
}

Paul Spencer
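
The handler algorithm summarized in the tutorial excerpt above, as a plain-Java model added here for reference; it is not code from the post or from any Jakarta Security implementation. The `Store` record, the `handle` method, the sample data and the priority of 80 for the first store are assumptions made for illustration, and the model assumes a store that declares both validation types contributes its groups only through its own validation result.

```java
import java.util.*;

public class HandlerModel {
    enum Type { VALIDATE, PROVIDE_GROUPS }

    // Hypothetical stand-in for an identity store; not the jakarta.security API.
    record Store(String id, int priority, Set<Type> types,
                 Set<String> validCallers, Map<String, Set<String>> groups) {}

    // Returns the aggregated groups, or an empty Optional if no store validated the caller.
    static Optional<Set<String>> handle(List<Store> stores, String caller) {
        // Lower priority value means the store is consulted earlier.
        List<Store> ordered = stores.stream()
                .sorted(Comparator.comparingInt(Store::priority)).toList();
        // Step 1: try validating stores in priority order until one validates.
        Store validator = null;
        for (Store s : ordered) {
            if (s.types().contains(Type.VALIDATE) && s.validCallers().contains(caller)) {
                validator = s;
                break;
            }
        }
        if (validator == null) return Optional.empty();
        Set<String> result = new TreeSet<>();
        // Groups from the validating store count only if it also declares PROVIDE_GROUPS.
        if (validator.types().contains(Type.PROVIDE_GROUPS)) {
            result.addAll(validator.groups().getOrDefault(caller, Set.of()));
        }
        // Step 2: aggregate groups from the stores that only provide groups.
        for (Store s : ordered) {
            if (s.types().contains(Type.PROVIDE_GROUPS) && !s.types().contains(Type.VALIDATE)) {
                result.addAll(s.groups().getOrDefault(caller, Set.of()));
            }
        }
        return Optional.of(result);
    }

    public static void main(String[] args) {
        // Constructed data mirroring the two definitions in the post (priority 80 is assumed).
        Store ldapIdentity = new Store("LdapIdentity", 80, EnumSet.allOf(Type.class),
                Set.of("myuser"), Map.of("myuser", Set.of("USERS")));
        Store rolesIdentity = new Store("RolesIdentity", 100, EnumSet.of(Type.PROVIDE_GROUPS),
                Set.of(), Map.of("myuser", Set.of("ROLE_1")));
        System.out.println(handle(List.of(rolesIdentity, ldapIdentity), "myuser"));
        System.out.println(handle(List.of(rolesIdentity), "myuser")); // no validating store
    }
}
```

Comparing the first printed set with the groups the running application reports shows whether the second store is being consulted at all.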