From a5a5f71553f737dc3c9ab4af70f17f58dd9172f3 Mon Sep 17 00:00:00 2001
From: Patrick Hobusch <patrick@hobusch.net>
Date: Thu, 16 May 2024 21:01:58 +0800
Subject: [PATCH] Applications: Don't require to set auth groups if all users
 allowed

---
 .../confapi/crowd/service/ApplicationsServiceImpl.java   | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/main/java/de/aservo/confapi/crowd/service/ApplicationsServiceImpl.java b/src/main/java/de/aservo/confapi/crowd/service/ApplicationsServiceImpl.java
index 0fda00f..dc50efd 100644
--- a/src/main/java/de/aservo/confapi/crowd/service/ApplicationsServiceImpl.java
+++ b/src/main/java/de/aservo/confapi/crowd/service/ApplicationsServiceImpl.java
@@ -269,9 +269,16 @@ ApplicationDirectoryMapping toApplicationDirectoryMapping(
         applicationDirectoryMappingBuilder.setDirectory(findDirectory(applicationBeanDirectoryMapping.getDirectoryName(), directoryManager));
 
         if (applicationBeanDirectoryMapping.getAuthenticationAllowAll() != null) {
-            applicationDirectoryMappingBuilder.setAllowAllToAuthenticate(applicationBeanDirectoryMapping.getAuthenticationAllowAll());
+            final boolean authenticationAllowAll = applicationBeanDirectoryMapping.getAuthenticationAllowAll();
+            applicationDirectoryMappingBuilder.setAllowAllToAuthenticate(authenticationAllowAll);
+
+            // don't require to set authentication groups if all users are allowed to authenticate
+            if (authenticationAllowAll) {
+                applicationDirectoryMappingBuilder.setAuthorisedGroupNames(Collections.emptySet());
+            }
         }
 
+        // even if all users are allowed to authenticate, it does not hurt to set (ignored) authentication groups if they got passed
         if (applicationBeanDirectoryMapping.getAuthenticationGroups() != null) {
             applicationDirectoryMappingBuilder.setAuthorisedGroupNames(new HashSet<>(applicationBeanDirectoryMapping.getAuthenticationGroups()));
         }