...
- Let the inner ldap authN handler to its job which is to execute the authentication query. This will execute one query only as part of which the LPPE authN handler should be able to instruct the inner ldap handler to retrieve additional (custom) attributes necessary for LPPE processing.
- Allows Allow for a semi-comprehensive construction of a given PasswordPolicyConfiguration which is constructed based on account state and retrieved attributes.
- Take advantage of the machinery provided by the AbstractLdapUsernamePasswordAuthenticationHandler class, such as principal transformers as opposed to duplicating the same elements over.
- Exposes better control for detecting ldap error definitions before/during authentication as well as examining the account state post authentication, using the constructed PasswordPolicyConfiguration.
...