4 Replies Latest reply on Feb 7, 2009 1:35 AM by tognado

    ldapIdentityStore and JpaIdentityStore together cause an error in my particular use case

    traviskds

      Basically I use an LdapIdentityStore for user-related operations, and JpaIdentityStore for role-related operations and have configured it as follows:



        <security:identity-manager 
          identity-store="#{ldapIdentityStore}" 
          role-identity-store="#{jpaIdentityStore}"/>




      My use case is such that I want all access to the system to be authenticated via Active Directory (i.e. LDAP) so we can capture the user. But for certain pages, I want only certain users (i.e. admins of the app) to be able to view and modify. Therefore in our jpaIdentityStore we will not have all the users but only the admin users. (We cannot add all the users as we have thousands of them. That is why we are authenticating via Active Directory.)


      The problem is when a user who is not in the jpaIdentityStore authenticates, it throws a “No such user” error. I checked the source of the JpaIdentityStore class and for most methods, it does a lookupUser which causes this error.


      My requirement is that even if the user is not in the jpaIdentityStore, it should still allow the user to authenticate (as we are doing it off the ldapIdentityStore). Is there a way to handle this, or do I have to create my own jpaIdentityStore class and remove the lookupUser for certain methods?


      Ideally, if Seam can detect that the user operation is not done via jpaIdentityStore, then it should not do a lookupUser.


      Appreciate your views.
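The subclass approach the post asks about, as an added example that is not part of the original thread and not code from the Seam project: a JpaIdentityStore subclass in which the role lookups used after login return an empty role list for a user the JPA store does not know, instead of raising "No such user". Authentication is not touched; it still goes through the LDAP store configured as identity-store. The package name and class name are invented, and the method names (userExists, getGrantedRoles, getImpliedRoles), the Seam annotations and the idea that the subclass can be wired in place of the stock store while still receiving its user-class and role-class settings are assumptions about the Seam 2.1 API that should be checked against the Seam version in use.

```java
package com.example.security; // hypothetical package

import java.util.Collections;
import java.util.List;

import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.Install;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.intercept.BypassInterceptors;
import org.jboss.seam.security.management.JpaIdentityStore;

/**
 * Role-only identity store for the "LDAP authenticates, JPA holds admin
 * roles" setup. Users that authenticated against LDAP but have no row in
 * the JPA user table simply get no application roles.
 *
 * Assumptions (not verified against a specific Seam release): the store is
 * wired as role-identity-store, e.g. role-identity-store="#{jpaIdentityStore}",
 * and the user-class / role-class settings still reach this subclass.
 */
@Name("jpaIdentityStore")
@Scope(ScopeType.APPLICATION)
@Install(precedence = Install.APPLICATION) // assumed to outrank the built-in store
@BypassInterceptors
public class LenientRoleIdentityStore extends JpaIdentityStore {

    // Fail closed: an unknown user gets an empty role list, never a default
    // role. Granting something like "user" here would silently widen access
    // for every LDAP account, which is the opposite of what the post wants.
    private static final List<String> NO_ROLES = Collections.emptyList();

    @Override
    public List<String> getGrantedRoles(String name) {
        // userExists is assumed to wrap the same lookupUser the post mentions,
        // so the stock "No such user" path is never reached for missing users.
        if (!userExists(name)) {
            return NO_ROLES;
        }
        return super.getGrantedRoles(name);
    }

    @Override
    public List<String> getImpliedRoles(String name) {
        if (!userExists(name)) {
            return NO_ROLES;
        }
        return super.getImpliedRoles(name);
    }
}
```

Only the read-side role lookups are relaxed. Administrative calls that add or remove roles for a user (grantRole, revokeRole and similar) keep the stock behaviour, so an attempt to grant a role to a user who is not in the JPA table still fails loudly instead of silently doing nothing. Restricted pages should still be guarded with a role check (for example a hasRole restriction on the page), since after this change the unknown user is authenticated but holds no roles, and an empty role list must map to "denied", not to "not yet checked".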