Permission denied if using data manager on LDAPUserSyncStrategy

buchholz · May 19, 2022, 6:06am

We mentioned that we get an permission denied if we autowire the data manager in the LDAPUserSyncStrategy class when using LDAP addon.

We wanted to map an additional property from another source outside the LDAP and loaded this with data manager. To get permission to do so, while we’re still anonymous/new user, we use system authentication. That works fine so far. But when saving the authority roles we get permission denied.

While searching for the error we found that we don’t need to use data manager or system authenticaton but autowiring is enough to get this error.

We now moved the lookup to a service and that’s working fine again.

Are you aware of this behavior?

a.artemev · May 20, 2022, 12:52pm

Hello @buchholz,

I’m not sure that I understand correctly the problem you faced with, could you please provide a test project with reproduced problem?

If your class extends io.jmix.ldap.userdetails.AbstractLdapUserDetailsSynchronizationStrategy it already has autowired dataManager field that allows to store role assignments.

So, please provide a little bit more information and a test project.

Regards,
Artem

buchholz · May 30, 2022, 8:53am

Hi @a.artemev ,

you’re completely right. I didn’t mention that we already use dataManager in the LDAPUserSyncStrategy. With autowiring it again in the extending class we override the protected one from AbstractLdapUserDetailsSynchronizationStrategy and that causes the error.

Sorry for this mistake.

Regards,
Erik