Comments (2)
Ben Alex said:
One issue is the LDAP DAO implementation, as I am reluctant to finalize the approach until this is completed. Whether an PasswordAuthenticationDao is an appropriate level of granularity for the LDAP implementation needs further consideration. I feel it would be easier to develop an LdapAuthenticationProvider than an LdapPasswordAuthenticationDao – will take this up with Robert. If we make this change, there will be no need for this (SEC-9) task as PasswordDaoAuthenticationProvider will be removed.
from spring-security.
Ben Alex said:
Refactoring completed. There is now an AbstractUserDetailsAuthenticationProvider, of which DaoAuthenticationProvider is a subclass. The former marks two abstract methods, one which retrieves a UserDetails (and can optionally throw an exception if a binding-based retrieval is needed as per the old PasswordAuthenticationDao) and the other method completes credentials checking. The PasswordAuthenticationDao and PasswordDaoAuthenticationProvider have both been marked as deprecated and moved to the sandbox with the LDAP classes that use them. The LDAP refactoring (see SEC-12) should subclass AbstractUserDetailsAuthenticationProvider and at this point PasswordAuthenticationDao et al will be permanently removed.
from spring-security.
Related Issues (20)
- Annotation based putting values to session HOT 3
- spring-security/docs/modules/ROOT/pages/servlet/authorization /method-security HOT 2
- Add another loadUser method for UserDetailsService to takes Long as its argument HOT 5
- Attach Antora Docs to Pull Requests
- Attach Antora Docs to Pull Requests
- Attach Antora Docs to Pull Requests
- Attach Antora Docs to Pull Requests
- doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean
- doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean
- doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean
- doc: added hint to declare GrantedAuthorityDefaults as infrastructure bean
- OidcBackChannelLogoutHandler#logoutUrl not configurable, context path missing from default HOT 2
- Clarify the behavior of Concurrent Session Management when an IdP is involved HOT 8
- DefaultRedirectStrategy includes firewalled semicolon jsessionid in url HOT 1
- Support Remember-Me for OAuth2 login
- LDIF file on official documentation breaks the startup process
- Make OpenSamlMetadataRelyingPartyRegistrationConverter public HOT 1
- Add support OAuth 2.0 Step-up Authentication Challenge Protocol
- Ineffective CSRF Protection for SPAs as suggested by the Official Docs? HOT 3
- Add Kotlin support in `DefaultMethodSecurityExpressionHandler`
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spring-security.