smolnar82 commented on code in PR #1258:
URL: https://github.com/apache/knox/pull/1258#discussion_r3401624364
##########
gateway-server/src/main/java/org/apache/knox/gateway/services/ldap/interceptor/LDAPRolesLookupInterceptorFactory.java:
##########
@@ -35,7 +37,16 @@ public Interceptor create(GatewayConfig gatewayConfig,
String name, Map<String,
if (ldapRolesLookupService == null ||
!ldapRolesLookupService.enabled()) {
throw new ServiceLifecycleException("LDAP roles lookup service not
found or disabled");
}
- return new LDAPRolesLookupInterceptor(ldapRolesLookupService);
+
+ // Configure the OID used for the RolesLookupBypassControl until an
official OID is available
+ String rolesLookupBypassControlOid =
gatewayConfig.getLdapRolesLookupBypassControlOid();
+ if (StringUtils.isNotBlank(rolesLookupBypassControlOid)) {
+ if (!Oid.isOid(rolesLookupBypassControlOid)) {
+ rolesLookupBypassControlOid = null;
Review Comment:
I see you are throwing `throw new ConfigurationException("Roles Lookup
Bypass Control OID is not valid");` below in `KnoxLDAPServerManager`. However,
I think that exception belongs here, when the factory wants to create an
instance of `LDAPRolesLookupInterceptor`.
The creation of this interceptor is also happening in
`KnoxLDAPServerManager.init()` by calling `createInterceptors`, so it'd fail
fast in case someone provided an invalid OID.
What do you think?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
