From 10cd08009007ebdc16b7a141c240c255d3f98cfb Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Wed, 20 Jan 2010 18:51:29 +0000
Subject: [PATCH] SEC-1356: Update createUser method in LdapUserDetailsManager to create the LDAP entry before adding authorities. Prevents removal of authorities for an existing user.
---
 .../ldap/userdetails/LdapUserDetailsManager.java | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
index c07127e5e6..8e22d971cc 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsManager.java
@@ -224,30 +224,26 @@ public class LdapUserDetailsManager implements UserDetailsManager {
 return roleCollector.getList();
 }
-// protected String getRoleFilter(DistinguishedName dn, String username) {
-// return new EqualsFilter("uniquemember", dn.toString()).encode();
-// }
-
 public void createUser(UserDetails user) {
 DirContextAdapter ctx = new DirContextAdapter();
 copyToContext(user, ctx);
 DistinguishedName dn = usernameMapper.buildDn(user.getUsername());
- // Check for any existing authorities which might be set for this DN
+
+ logger.debug("Creating new user '"+ user.getUsername() + "' with DN '" + dn + "'");
+
+ template.bind(dn, ctx, null);
+
+ // Check for any existing authorities which might be set for this DN and remove them
 List authorities = getUserAuthorities(dn, user.getUsername());
 if(authorities.size() > 0) {
 removeAuthorities(dn, authorities);
 }
- logger.debug("Creating new user '"+ user.getUsername() + "' with DN '" + dn + "'");
-
- template.bind(dn, ctx, null);
-
 addAuthorities(dn, user.getAuthorities());
 }
 public void updateUser(UserDetails user) {
-// Assert.notNull(attributesToRetrieve, "Configuration must specify a list of attributes in order to use update.");
 DistinguishedName dn = usernameMapper.buildDn(user.getUsername());
 logger.debug("Updating user '"+ user.getUsername() + "' with DN '" + dn + "'");
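Review bot: In createUser, a failure after `template.bind(dn, ctx, null)` leaves the new entry in the directory still attached to whatever group memberships already reference that DN, because the stale-authority cleanup now runs only after the entry exists. The removed lines ran that cleanup before the bind, so the fix for existing users introduces a window, and a failure mode, in which a freshly created account holds leftover authorities. If getUserAuthorities, removeAuthorities or addAuthorities throws, consider rolling the bind back as sketched below; the rollback is reached only after this call's own bind succeeded, so a pre-existing user is never unbound. This assumes the template's exceptions are unchecked, which the absence of a throws clause suggests. A comment on the bind line saying why it must precede the cleanup would also help.

```java
        template.bind(dn, ctx, null);

        try {
            // ... unchanged: lookup and removal of stale authorities for this DN ...
            addAuthorities(dn, user.getAuthorities());
        } catch (RuntimeException e) {
            // The entry was created by this call; remove it rather than leave an
            // account with stale or partial group memberships.
            template.unbind(dn);
            throw e;
        }
```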