Spring-security: SEC-2536: Provision to change ldap/Ad provider url at run time

Created on 27 Mar 2014 · 4 Comments · Source: spring-projects/spring-security

sagar bhandare (Migrated from SEC-2536) said:

Hi,
Currently the LDAP or Active Directory URL can be passed only at application startup through XML or Java configuration. There is no provision to update the URL without restarting the application. I have achieved this for LDAP by extending LdapAuthenticationProvider, setting properties on abstractContextSource and calling the afterPropertiesSet method. For ActiveDirectoryLdapAuthenticationProvider it's not possible as the class is marked as final.
Is there any chance we can provide this as part of the framework itself?

ldap invalid enhancement jira

All 4 comments

Michael Osipov said:

This is a common problem in the entire Spring Framework, not limited to Spring Security. The only option I see is to use XML config and call refresh on the framework. Java config is static.

Rob Winch said:

You never need Spring to do Dependency Injection as any code can invoke a setter method (that is the beauty of Dependency Injection).

If you need to dynamically change the URL, I would recommend using the composite pattern. For example:

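import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

public class DynamicAuthenticationProvider implements AuthenticationProvider {
    // Provider currently in use; replaced as a whole by configure()
    private AuthenticationProvider delegate;

    public synchronized Authentication authenticate(Authentication authentication)
        throws AuthenticationException {
        return delegate.authenticate(authentication);
    }

    public synchronized boolean supports(Class<?> authentication) {
        return delegate.supports(authentication);
    }

    public void configure(String domain, String url) {
        // Build the new provider outside the lock, then swap it in
        ActiveDirectoryLdapAuthenticationProvider delegate = new ActiveDirectoryLdapAuthenticationProvider(domain, url);
        // ...
        synchronized(this) {
            this.delegate = delegate;
        }
    }
}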
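
A variant of the delegate-swap approach from the comment above, added here as an example (not code from the thread or from Spring Security). The class name, the `requireLdaps` helper and the policy of accepting only a single `ldaps://` URL are assumptions of this example; it also fails closed while no directory is configured and reads the delegate through a `volatile` field so concurrent logins are not serialized on a lock.

```java
import java.net.URI;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

// Hypothetical class name; added example, not the project's own code.
public class ReloadableAdAuthenticationProvider implements AuthenticationProvider {

    // volatile: a swap becomes visible to every thread without locking each login.
    private volatile AuthenticationProvider delegate;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        AuthenticationProvider current = delegate; // read once; a concurrent swap cannot split the call
        if (current == null) {
            // Fail closed until a directory has been configured.
            throw new AuthenticationServiceException("Directory provider is not configured");
        }
        return current.authenticate(authentication);
    }

    @Override
    public boolean supports(Class<?> authentication) {
        AuthenticationProvider current = delegate;
        return current != null && current.supports(authentication);
    }

    // Validate first, build the replacement fully, then publish it with a single write.
    // A rejected URL throws before the write, so the previous delegate stays in place.
    public void configure(String domain, String url) {
        requireLdaps(url);
        ActiveDirectoryLdapAuthenticationProvider next =
                new ActiveDirectoryLdapAuthenticationProvider(domain, url);
        this.delegate = next;
    }

    // Assumed policy for this example: one TLS-protected URL with a host, so a
    // runtime change cannot downgrade binds to cleartext ldap://.
    static void requireLdaps(String url) {
        URI uri = URI.create(url); // IllegalArgumentException on malformed input
        if (!"ldaps".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            throw new IllegalArgumentException("Directory URL must be ldaps://host[:port]");
        }
    }
}
```

Whatever calls `configure` decides which server receives users' passwords, so that entry point needs the same access control and audit logging as any other administrative action.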

sagar bhandare said:

Thanks a lot Rob, I wonder why I made things so complicated. I was trying to update the singleton bean created by Spring at startup. Your solution makes my code much cleaner and solves my problem. :) Thanks for your help.

Rob Winch said:

You are quite welcome. I'm glad I could help. Closing this issue as invalid per feedback.
