Hi, understand, ok, will give a try! Regs,Vladimir
2016-12-01 16:37 GMT+01:00 Dan Haywood <d...@haywood-associates.co.uk>: > Yes, not a bug but a feature :-) However, if you want to create a PR to > make the behaviour configurable, will be very happy to review. > > Cheers > Dan > > On Thu, 1 Dec 2016 at 15:32 Vladimir Nišević <vnise...@gmail.com> wrote: > > > Hi, I am using security module in combination with our Active Directory: > > > > 1. Roles and delegate users (without passwords) are created in Isis > > security module > > 2. Authentication is done thru company Active Directory > > > > > > I think, I've found an issue in this setup: As part of login procedure, > if > > the user doesn't exist in Isis security, it will be automatically created > > as new delegate user (with Status=Disabled). This leads to potentially > many > > users in security module, every time when somebody e.g. mistypes the > > username. > > > > > > Here my shiro.ini > > > > *[main]* > > *isisModuleSecurityRealm = > > org.isisaddons.module.security.shiro.IsisModuleSecurityRealm* > > *authenticationStrategy = > > > > org.isisaddons.module.security.shiro.AuthenticationStrategyForIsisM > oduleSecurityRealm* > > *securityManager.authenticator.authenticationStrategy = > > $authenticationStrategy* > > *securityManager.realms = $isisModuleSecurityRealm* > > *isisModuleSecurityRealm.delegateAuthenticationRealm=$ > activeDirectoryRealm* > > *activeDirectoryRealm = > > org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm* > > *activeDirectoryRealm.searchBase =********* > > *activeDirectoryRealm.url = ****** > > > > I think the bug is in the class > > > > org.isisaddons.module.security.shiro.IsisModuleSecurityRealm > > > > line 48: > > * PrincipalForApplicationUser principal = this.lookupPrincipal(username, > > this.hasDelegateAuthenticationRealm());* > > > > it should be: > > * PrincipalForApplicationUser principal = this.lookupPrincipal(username, > > false);* > > > > Or was it on purpose to auto create new delegate user on every login > > attempt? > > > > > > Regards > > Vladimir > > >