Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-827: New attribute for security XSD to allow non-upper-case roles. #1084

Closed
spring-issuemaster opened this issue May 12, 2008 · 7 comments
Closed

Comments

@spring-issuemaster
Copy link

@spring-issuemaster spring-issuemaster commented May 12, 2008

David Greenberg(Migrated from SEC-827) said:

It would be really nice if either the ldap-authentication-provider or ldap-user-service elements contained an attribute that could override the default of converting roles to upper case. I am new to Spring Security, and would prefer not having to use a bean-based XML file just for this one boolean. The security XSD makes the configuration very clean.

@spring-issuemaster

This comment has been minimized.

Copy link
Author

@spring-issuemaster spring-issuemaster commented May 12, 2008

Luke Taylor said:

What is the use case that you require this for? It shouldn’t normally have any impact outside the security configuration.

@spring-issuemaster

This comment has been minimized.

Copy link
Author

@spring-issuemaster spring-issuemaster commented May 12, 2008

David Greenberg said:

When using Apache Tomahawk’s attribute visibleOnUserRole, the comparison is case-sensitive. I would either need to change those to be upper case strings, or set the convertToUpperCase in the security configuration to false. I prefer the latter.

@spring-issuemaster

This comment has been minimized.

Copy link
Author

@spring-issuemaster spring-issuemaster commented May 12, 2008

Luke Taylor said:

Rather than extending the namespace to cater for all options, you can also achieve this kind of fine tuning by adding your own BeanPostProcessor to adjust the settings as required. For example

public class LowerCaseLdapRolesBeanPostProcessor implements BeanPostProcessor {

```
Object postProcessBeforeInitialization(Object bean, String beanName) {
if (bean instanceof DefaultLdapAuthoritiesPopulator) {
((DefaultLdapAuthoritiesPopulator)bean).setConvertToUpperCase(false);
}
return bean;
}

Object postProcessAfterInitialization(Object bean, String beanName) {
return bean;
}
```

}

Adding this bean to the application context would then change the default value from true to false for this class, as you require.

@spring-issuemaster

This comment has been minimized.

Copy link
Author

@spring-issuemaster spring-issuemaster commented May 12, 2008

David Greenberg said:

That works. It’s not my favorite option, as I was hoping to keep the beans schema out of the security configuration entirely, but this is good enough for my purposes. Is there a reason not to create an attribute similar to the role-prefix attribute to the ldap-authentication-provider element? I’m just curious at this point.

@spring-issuemaster

This comment has been minimized.

Copy link
Author

@spring-issuemaster spring-issuemaster commented May 12, 2008

Luke Taylor said:

I wouldn’t rule it out. I was really just suggesting it as an option to get round the issue. It’s just that everyone wants support for their particular configuration needs in the namespace and we want to keep it as simple as possible and not rush into adding things which may not be widely required or which have straightforward enough alternatives.

@spring-issuemaster

This comment has been minimized.

Copy link
Author

@spring-issuemaster spring-issuemaster commented May 12, 2008

David Greenberg said:

Sounds good to me. Thank you for your help.

@spring-issuemaster

This comment has been minimized.

Copy link
Author

@spring-issuemaster spring-issuemaster commented May 30, 2008

Luke Taylor said:

See the comments in SEC-840. If we are extending the namespace in this area it should be to provide more general support for attribute-mapping strategies, rather than individual attributes for role prefixes, case changes etc.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.