Spring Security
  1. Spring Security
  2. SEC-986

BindAuthenticator makes it cumbersome to override its behavior (bindWithDn, BindWithSpecificDnContextSource, LdapTemplate)

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Won't Fix
    • Affects Version/s: 2.0.3
    • Fix Version/s: 3.0.0 M1
    • Component/s: LDAP
    • Labels:
      None
    • Environment:
      all

      Description

      During the course of implementing support for password policy request/response controls, I had to extend BindAuthenticator. An extension of LdapTemplate needed to be used in method bindWithDn(String, String, String).

      Method bindWithDn() is private, and the template cannot be injected, so currently I had to unnecessarily create a copy of the authenticate method, a copy of the inner class BindWithSpecificDnContextSource, and a modified copy of method bindWithDn.

      If the LdapTemplate was injected as a bean dependency, then the class BindAuthenticator could be easily extended - only handleBindException needs to be special.

      At least, method bindWithDn and the inner class should be made visible to subclasses.

        Activity

        Hide
        Luke Taylor added a comment -

        Following the upgrade to Spring LDAP 1.3, BindAuthenticator no longer uses a template but calls the new method on the ContextSource interface directly to authenticate. So none of the above changes apply any more. I don't want to expose this kind of internal implementation detail in any case as it allows us more flexibility for maintenance during minor releases if such details are kept private. If you want to customize the behaviour you can extend AbstractLdapAuthenticator or implement the LdapAuthenticator interface directly.

        Show
        Luke Taylor added a comment - Following the upgrade to Spring LDAP 1.3, BindAuthenticator no longer uses a template but calls the new method on the ContextSource interface directly to authenticate. So none of the above changes apply any more. I don't want to expose this kind of internal implementation detail in any case as it allows us more flexibility for maintenance during minor releases if such details are kept private. If you want to customize the behaviour you can extend AbstractLdapAuthenticator or implement the LdapAuthenticator interface directly.

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Jürgen Failenschmid
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: