Skip to content
This repository

add cache-ref to authenticaiton-provider, add allow-empty-authorities to java-user-service #7

Closed
wants to merge 1 commit into from

2 participants

Xu Huisheng Rob Winch
Xu Huisheng
  • add cache-ref to <authentication-provider>

At this time, we could use the cache-ref attribute in user-detail-service. It seems to create a new instance of CacheUserDetailsService to cache the UserDetails, but if you only set userCache of JdbcDaoImpl, it will cause an Exception. Because JdbcDaoImpl will evict the password, so if the same user do logout, and try to login again, it will said that the credencial is not correct, then the user cannot login the system since the cache expired.

So the cache-ref of user-detail-service is confused, although it will be set to DaoAuthenticaitonProvider, but create a CacheuserDetailService is such a waste. So I wish there would be a cache-ref for authentication-provider to do same thing, and more meaningful.

  • add allow-empty-authorities to <jdbc-user-service>

If the login user has no authorities, there will always throw an UserNotFoundException, I wish there could be an attribute to control whether we should throw an exception. so add allow-empty-authorities to do such thing.

Please review it. Thank you very much.

Xu Huisheng add cache-ref to <authentication-provider>
add allow-empty-authorities to <jdbc-user-service>
c0ad835
Xu Huisheng

related JIRA issue is SEC-1962.
I have signed and agree to the terms of the SpringSource Individual Contributor License Agreement.

Rob Winch
Collaborator
rwinch commented July 26, 2012

Closing per comments on the JIRA at https://jira.springsource.org/browse/SEC-1962

Rob Winch rwinch closed this July 26, 2012
Xu Huisheng

Hi Rob, Thank you for you advices for contribution.

Although I can use your suggestion to avoid empty authorities check, it will cause user has meaningless authority. I have to check twice in my code, to decide which user have authorities and which user has no authorities then should be set a special authority, e.g. 'ROLE_NOTHING', that is not pretty.
So if you don't mind, I will create another issue for allow-empty-authorities and do another pull request.

Waiting for you reply.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Showing 1 unique commit by 1 author.

May 21, 2012
Xu Huisheng add cache-ref to <authentication-provider>
add allow-empty-authorities to <jdbc-user-service>
c0ad835
Something went wrong with that request. Please try again.