Le 06/12/2017 à 16:53, Isenhour, Justin a écrit : > My desire was to keep all standard features of the default authenticator, > allow it to run first to perform the standard validations then run my custom > validation after. To do this I created my custom authentication interceptor > which extends AuthenticationInterceptor, then I updated the list of > interceptors and changed the class name for the AuthenticationInterceptor > from the standard class to my custom class. Attached is the source code for > my custom authenticator. For now I will try to move the call to super just > after I perform my status check and see if that works but if you have a > better solution I would be happy to hear it. If you have any other feedback > on this custom authenticator (problems I may be causing for myself that I am > not aware of) please let me know as well.
I guess that calling authenticator.invalidateCache( bindContext.getDn() ); *before* calling super.bind(bindContext) should do the trick. The idea is to remove the DN from the cache, so that the bind operation is processed fully, instead of being bypassed if the user has already been bound. >From the performance point of view, the impact is not necessarily critical, if you don't have thousand bind/s anyway. Give it a try, and let me know if it does the job. -- Emmanuel Lecharny Symas.com directory.apache.org
