Add comments on case sensitivity for password lookups

All external password provider lookups are case-sensitive and non-configurable by default See: ome/openmicroscopy#3078
imagopole · May 12, 2015 · 3a93c8a · 3a93c8a
1 parent aaecac8
commit 3a93c8a
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/src/main/java/org/imagopole/omero/auth/impl/ExternalInfoRoleProvider.java b/src/main/java/org/imagopole/omero/auth/impl/ExternalInfoRoleProvider.java
@@ -3,6 +3,8 @@
  */
 package org.imagopole.omero.auth.impl;
 
+import java.util.concurrent.atomic.AtomicBoolean;
+
 import ome.model.internal.Permissions;
 import ome.model.meta.Experimenter;
 import ome.model.meta.ExperimenterGroup;
@@ -21,6 +23,10 @@
  * This implementation overrides the <code>copyUser</code> and <code>copyGroup</code> methods
  * to include cloning of the user or group's {@link ExternalInfo} data (if it is present).
  *
+ * Unlike {@link SimpleRoleProvider}, this specialization does not currently allow case-sensitivity
+ * to be overridden at instantiation time: {@link #isIgnoreCaseLookup()} is expected to default to false.
+ * See https://github.com/openmicroscopy/openmicroscopy/blob/v5.1.0/etc/omero.properties#L73-L81
+ *
  * @author seb
  *
  */
@@ -30,7 +36,7 @@ public class ExternalInfoRoleProvider extends SimpleRoleProvider {
     private final Logger log = LoggerFactory.getLogger(ExternalInfoRoleProvider.class);
 
     /**
-     * Paremeterized constructor.
+     * Parameterized constructor (case-sensitive).
      *
      * @param sec OMERO security system
      * @param sf Hibernate session factory

diff --git a/src/main/java/org/imagopole/omero/auth/impl/SynchronizingPasswordProviders.java b/src/main/java/org/imagopole/omero/auth/impl/SynchronizingPasswordProviders.java
@@ -30,9 +30,12 @@
  * the second provider.
  *
  * This chaining logic differs from the default {@link ome.security.auth.PasswordProviders} mostly
- * ome.security.auth.PasswordProviders separation of authentication and synchronization - which are
- * typically performed together at authentication time in {@link ome.security.auth.LdapPasswordProvider}
+ * in:
+ * - the separation of authentication and synchronization - which are typically performed
+ * together at authentication time in {@link ome.security.auth.LdapPasswordProvider}
  * and {@link ome.security.auth.providers.LdapPasswordProvider431}.
+ * - the absence of support for case insensitive password checks, which is togglable in the default
+ * chain via a <code>ignoreCaseLookup</code> attribute.
  *
  * Note: if the first provider supports account synchronization as part of its
  * {@link #checkPassword(String, String, boolean)} operation, it may require disabling to avoid