Hi,
I am using Roller v3.0 on WebLogic v8.1.5. I turned on the LDAP authentication
in the security.xml file and found a problem with auto user provisioning,
specifically when AnonymousProcessingFilter is disabled. The ACEGI classes will
not allow a legitimate LDAP account to proceed to create a weblog after LDAP
authentication as the minimum role of 'editor' is only created after auto user
provisioning. Although the auto provisioning does execute successfully and the
user's account is created in the Roller DB, the new user will encounter a '403 -
Access Denied' HTTP error after the first login. I have to restart the
application so that ACEGI can now pick up the additional 'editor' role granted.
I worked around the problem by extending the existing ACEGI classes and modifying
the RollerSession class (please see
http://codeharmonics.blogspot.com/2007/02/roller-v30-with-active-directory-non.html).
Basically, I had to re-create the user principal object and refresh the user
cache. I believe a better way to do this is to perform the auto user
provisioning in the filter classes instead. Please consider allowing auto
provisioning in the filter class so that the authentication mechanism can work
more intuitively.
Lastly, I am not on the mailing list and would appreciate it if you could include me
in the dev list. Thank you very much.
Warmest regards,
Damon Chong
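
The behaviour reported above, as an added example that is not part of the original message and is not Roller or Acegi code: a simplified, self-contained model in which roles are copied into the session principal at login, so a role granted by provisioning afterwards is not seen until the principal is rebuilt and the user cache entry is evicted. All class, method and user names here are hypothetical.

```java
import java.util.*;

// Simplified model only: none of these types are Acegi or Roller classes.
public class StaleAuthorityDemo {
    // Constructed stand-in for the role table in the application DB.
    static final Map<String, Set<String>> roleDb = new HashMap<String, Set<String>>();
    // Constructed stand-in for the user cache that sits in front of the DB.
    static final Map<String, Set<String>> userCache = new HashMap<String, Set<String>>();

    // Immutable snapshot of a user's roles, as held in the session after login.
    static final class Principal {
        final String name;
        final Set<String> authorities;
        Principal(String name, Set<String> authorities) {
            this.name = name;
            this.authorities = Collections.unmodifiableSet(new HashSet<String>(authorities));
        }
    }

    // Reads roles through the cache; a cached entry hides later DB changes.
    static Set<String> loadAuthorities(String user) {
        Set<String> cached = userCache.get(user);
        if (cached == null) {
            Set<String> fromDb = roleDb.get(user);
            cached = new HashSet<String>(fromDb == null ? Collections.<String>emptySet() : fromDb);
            userCache.put(user, cached);
        }
        return cached;
    }

    // The LDAP bind is assumed to have succeeded; roles are captured here.
    static Principal login(String user) { return new Principal(user, loadAuthorities(user)); }

    // Auto provisioning: creates the account's minimum 'editor' role in the DB.
    static void provision(String user) {
        Set<String> roles = roleDb.get(user);
        if (roles == null) { roles = new HashSet<String>(); roleDb.put(user, roles); }
        roles.add("editor");
    }

    // The workaround's shape: evict the cache entry, then rebuild the principal.
    static Principal refresh(Principal stale) {
        userCache.remove(stale.name);
        return new Principal(stale.name, loadAuthorities(stale.name));
    }

    // Access decision for the create-weblog page, returned as an HTTP status.
    static int createWeblog(Principal p) { return p.authorities.contains("editor") ? 200 : 403; }

    public static void main(String[] args) {
        Principal p = login("ldapuser");   // constructed user name; no roles exist yet
        provision(p.name);                 // role reaches the DB, not the session principal
        System.out.println("before refresh: " + createWeblog(p));
        System.out.println("after refresh:  " + createWeblog(refresh(p)));
    }
}
```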