Closed mboskamp closed 1 year ago
Introduce a plugin configuration flag that controls whether an LdapAuthenticationException
is silently caught or re-thrown in the password check method
Pros:
Cons:
ProcessEngineException
handling will still work here. Also, only users are affected that explicitly enable this functionality in the plugin.The webapps could use a different password check method than the Java API. This dedicated method would re-throw the LdapAuthenticationException
.
Pros:
LdapAuthenticationException
only in the webappsCons:
Decision:
We will go with solution 1: plugin config flag
Acceptance Criteria (Required on creation)
The LDAP identity plugin can perform a password check for a given user. If the LDAP server responds with an error, this error is never propagated back to the calling code. There should be a way to handle those exceptions as
ProcessEngineException
s.Hints
This code performs the password check and handles the returned error.
Links
Breakdown