Hello, I have copied and used this code and had a small problem with it. If you don't specify the roleCtxDn and roleFilter parameters, it throws an error. As I have a separate database table for roles and only wanted to use LDAP for Authentication, this was a problem for me. I just skipped the role checking when the parameters were null, but you could make it an explicit option.

    // Query for roles matching the role filter
    if ((rolesCtxDN != null) && (roleFilter != null))
    {
        SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        constraints.setReturningAttributes(new String[0]);
        constraints.setTimeLimit(searchTimeLimit);
        rolesSearch(ctx, constraints, username, userDN, recursion, 0);
    }

Also all the options are added to the sign-on environment even when they are not used which seems a bit dangerous to me. (It works with or without them!)

    private InitialLdapContext constructInitialLdapContext(String dn, Object credential) throws NamingException
    {
        Properties env = new Properties();
        Iterator iter = options.entrySet().iterator();
        while (iter.hasNext())
        {
            Entry entry = (Entry) iter.next();
            env.put(entry.getKey(), entry.getValue());
        }

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3906038#3906038
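
Added example (not part of the original post and not JBoss code): one way to keep unused login-module options out of the JNDI environment and to make the role lookup conditional. The class and method names (LdapEnvFilter, isJndiKey, buildEnv, roleSearchEnabled), the prefix allowlist and the sample option values are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Properties;
import javax.naming.Context;

public class LdapEnvFilter {
    // Assumption: only keys with JNDI-style prefixes belong in the context environment.
    private static final String[] JNDI_PREFIXES = { "java.naming.", "com.sun.jndi." };

    static boolean isJndiKey(Object key) {
        if (!(key instanceof String)) return false;
        for (String prefix : JNDI_PREFIXES) {
            if (((String) key).startsWith(prefix)) return true;
        }
        return false;
    }

    /** Copies only JNDI properties from the module options, then sets the bind identity. */
    static Properties buildEnv(Map<String, ?> options, String dn, Object credential) {
        Properties env = new Properties();
        for (Map.Entry<String, ?> e : options.entrySet()) {
            if (isJndiKey(e.getKey()) && e.getValue() != null) {
                env.put(e.getKey(), e.getValue());
            }
        }
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, credential);
        return env;
    }

    /** Role lookup is attempted only when both role options are configured. */
    static boolean roleSearchEnabled(Map<String, ?> options) {
        return options.get("rolesCtxDN") != null && options.get("roleFilter") != null;
    }

    public static void main(String[] args) {
        Map<String, Object> options = new LinkedHashMap<>(); // constructed sample options
        options.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        options.put(Context.PROVIDER_URL, "ldap://ldap.example.test:389");
        options.put("searchTimeLimit", "5000"); // module-only option, must not reach JNDI
        Properties env = buildEnv(options, "uid=alice,ou=people,dc=example,dc=test", "placeholder");
        System.out.println(env.keySet());       // searchTimeLimit is absent from the environment
        System.out.println("role search: " + roleSearchEnabled(options)); // false: authentication only
    }
}
```

The resulting Properties object can be passed to the InitialLdapContext constructor in place of the environment that copies every option.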