Spring Security
  1. Spring Security
  2. SEC-1037

LdapAuthenticationProvider doesn't support messageSource updates/modifications

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Trivial Trivial
    • Resolution: Fixed
    • Affects Version/s: 2.0.4
    • Fix Version/s: 3.0.0 M1
    • Component/s: LDAP
    • Labels:
      None

      Description

      In order to allow localisation and personnal messages' definition org.springframework.security.providers.ldap.LdapAuthenticationProvider should implement org.springframework.context.MessageSourceAware.

      At this time it's not the case, so it is impossible to modify messages and use messages' localisation for this object (see §6.1 in spring security documentation http://static.springsource.org/spring-security/site/reference/html/supporting-infrastructure.html#localization).

      By the way this object also doesn't implement org.springframework.beans.factory.InitializingBean.

        Activity

        Hide
        Luke Taylor added a comment -

        OK. We can certainly add that for customization (though it does already provide for i18n through use of the SpringSecurityMessageSource).

        Why do you think we need to implement InitializingBean here?

        Show
        Luke Taylor added a comment - OK. We can certainly add that for customization (though it does already provide for i18n through use of the SpringSecurityMessageSource). Why do you think we need to implement InitializingBean here?
        Hide
        DakoR added a comment -

        according to the InitializingBean documentation: "Interface to be implemented by beans that need to react once all their properties have been set by a BeanFactory: for example, to perform custom initialization, or merely to check that all mandatory properties have been set."

        I think that LdapAutenticationProvider matches these criterias.

        Show
        DakoR added a comment - according to the InitializingBean documentation: "Interface to be implemented by beans that need to react once all their properties have been set by a BeanFactory: for example, to perform custom initialization, or merely to check that all mandatory properties have been set." I think that LdapAutenticationProvider matches these criterias.
        Hide
        Luke Taylor added a comment -

        It doesn't need any custom initialization and it isn't possible to create an instance without setting the necessary properties, so implementing InitializingBean would be superfluous - what would go in the afterPropertiesSet() method?

        Show
        Luke Taylor added a comment - It doesn't need any custom initialization and it isn't possible to create an instance without setting the necessary properties, so implementing InitializingBean would be superfluous - what would go in the afterPropertiesSet() method?
        Hide
        DakoR added a comment -

        ok for this, as you say, it's not possible to create an instance without setting the necessary properties, so InitializingBean is not mandatory.

        In fact, I sugested this after studying other providers source wich are similar (eg org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider).

        Show
        DakoR added a comment - ok for this, as you say, it's not possible to create an instance without setting the necessary properties, so InitializingBean is not mandatory. In fact, I sugested this after studying other providers source wich are similar (eg org.springframework.security.providers.dao.AbstractUserDetailsAuthenticationProvider).

          People

          • Assignee:
            Luke Taylor
            Reporter:
            DakoR
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: