Uploaded image for project: 'JOC - JobScheduler Operations Center'
  1. JOC - JobScheduler Operations Center
  2. JOC-357

GroupRolesMapping for LDAP using shiro.ini users should be case insensitive

    XMLWordPrintable

Details

    Description

      Current Situation

      When using LDAP for authentication and shiro.ini for authorization the login principal name is used for the search of the user in shiro.ini.

      This search is case sensitive.
      The search looks for the given principal also when a domain is given.

      Example:
      login with domain\account will not find the entry account@domain in the shiro.ini and viceversa

      login with domain\Account will not find domain\account in the shiro.ini.

      Desired Behaviour

      When using LDAP for authentication and shiro.ini for authorization the login principal name is used for the search of the user in shiro.ini.

      This search should be case insensitive.
      When a domain is used and the entry was not found in the shiro.ini the alternative entry should be searched.

      Also the debug logging for the groupRolesMapping should show for what group names is the shiro.ini searched.

      "Analysing groupRolesMapping: %s"
      "Looking for group: %s"
      "roles for group %s: %s"
      "Group %s not found in groupRolesMapping"

      Example:
      login with domain\account should find the entry account@domain in the shiro.ini and viceversa

      login with domain\Account should find domain\account in the shiro.ini.

      Attachments

        Activity

          People

            ur Uwe Risse
            ur Uwe Risse
            Alan Amos Alan Amos
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: