SEC-1915: Polish

* Restore default search filter to remain passive * Check the search filter in setSearchFilter * Add additional tests
2025-07-02 16:52:14 +00:00 · 2015-02-24 21:37:08 -06:00 · 2015-02-24 21:37:08 -06:00 · 2df05ee2c3
commit 2df05ee2c3
parent 72bc6bf539
1 changed files with 36 additions and 4 deletions
--- a/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
+++ b/ldap/src/test/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
@ -46,10 +46,7 @@ import java.util.Hashtable;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
-import static org.mockito.Mockito.any;
-import static org.mockito.Mockito.eq;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.*;
 import static org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider.ContextFactory;

 /**
@ -124,6 +121,41 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
        assertTrue(result.isAuthenticated());
    }

+    @Test
+    public void defaultSearchFilter() throws Exception {
+        //given
+        final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))";
+
+        DirContext ctx = mock(DirContext.class);
+        when(ctx.getNameInNamespace()).thenReturn("");
+
+        DirContextAdapter dca = new DirContextAdapter();
+        SearchResult sr = new SearchResult("CN=Joe Jannsen,CN=Users", dca, dca.getAttributes());
+        when(ctx.search(any(Name.class), eq(defaultSearchFilter), any(Object[].class), any(SearchControls.class)))
+                .thenReturn(new MockNamingEnumeration(sr));
+
+        ActiveDirectoryLdapAuthenticationProvider customProvider
+                = new ActiveDirectoryLdapAuthenticationProvider("mydomain.eu", "ldap://192.168.1.200/");
+        customProvider.contextFactory = createContextFactoryReturning(ctx);
+
+        //when
+        Authentication result = customProvider.authenticate(joe);
+
+        //then
+        assertTrue(result.isAuthenticated());
+        verify(ctx).search(any(DistinguishedName.class), eq(defaultSearchFilter), any(Object[].class), any(SearchControls.class));
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void setSearchFilterNull() {
+        provider.setSearchFilter(null);
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void setSearchFilterEmpty() {
+        provider.setSearchFilter(" ");
+    }
+
    @Test
    public void nullDomainIsSupportedIfAuthenticatingWithFullUserPrincipal() throws Exception {
        provider = new ActiveDirectoryLdapAuthenticationProvider(null, "ldap://192.168.1.200/");