hi marian

> That sounds all very good, thanks. There's just one thing that's still
> troubling me: Is there any way I can get the current session (or principal)
> in PrincipalProvider? With some LDAP servers (e.g. a typical Active
> Directory), I can't access the principals without the current user's
> credentials.

what do you mean by "current session"?

the system session that does the setup? that's currently not possible but that should be feasible to do. however, this would most probably just cause the next issue: the system-session is a core internal session that your LDAP will - that's a guess of mine - not be happy with.

if you mean: the session to be created... it is not yet available. apart from that, the PrincipalProvider is intended to be able to read all principal information in order to have the permissions properly retrieved later on.

so... without having tried it out, i would assume that passing required information to the provider upon its initialization should work. in other words having that information in the configuration (if i'm not mistaken it's the loginmodule/jaas configuration params that are passed to registerProvider > createProvider > init).

> (Obviously, that means the principal provider would only work once a user is
> logged in. I'd just have to handle that in my LoginModule).

not sure whether that would work... see above.

regards
angela
