Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-01 08:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-837: Add special character filtering to LDAP search filterscore/src/test/java/org/springframework/security/ldap

Browse Source
This commit is contained in:
Luke Taylor 2008-05-20 19:22:49 +00:00
parent 219d2e8962
commit 3fb1f59fde
2 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
core/src/main/java/org/springframework/security/ldap/SpringSecurityLdapTemplate.java
View File

@ -22,6 +22,7 @@ import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.core.DirContextAdapter; import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations; import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.DistinguishedName; import org.springframework.ldap.core.DistinguishedName;
import org.springframework.ldap.core.LdapEncoder;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
@ -136,8 +137,15 @@ public class SpringSecurityLdapTemplate extends org.springframework.ldap.core.Ld
*/ */
public Set searchForSingleAttributeValues(final String base, final String filter, final Object[] params, public Set searchForSingleAttributeValues(final String base, final String filter, final Object[] params,
final String attributeName) { final String attributeName) {
// Escape the params acording to RFC2254
Object[] encodedParams = new String[params.length];
String formattedFilter = MessageFormat.format(filter, params); for (int i=0; i < params.length; i++) {
encodedParams[i] = LdapEncoder.filterEncode(params[i].toString());
}
String formattedFilter = MessageFormat.format(filter, encodedParams);
logger.debug("Using filter: " + formattedFilter);
final HashSet set = new HashSet(); final HashSet set = new HashSet();

11
core/src/test/resources/test-server.ldif
View File

@ -48,6 +48,16 @@ sn: Smeth
uid: joe uid: joe
userPassword: joespassword userPassword: joespassword
dn: cn=mouse\, jerry,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Mouse, Jerry
sn: Mouse
uid: jerry
userPassword: jerryspassword
dn: cn=developers,ou=groups,dc=springframework,dc=org dn: cn=developers,ou=groups,dc=springframework,dc=org
objectclass: top objectclass: top
objectclass: groupOfNames objectclass: groupOfNames
@ -62,6 +72,7 @@ objectclass: groupOfNames
cn: managers cn: managers
ou: manager ou: manager
member: uid=ben,ou=people,dc=springframework,dc=org member: uid=ben,ou=people,dc=springframework,dc=org
member: cn=mouse\, jerry,ou=people,dc=springframework,dc=org
dn: cn=submanagers,ou=subgroups,ou=groups,dc=springframework,dc=org dn: cn=submanagers,ou=subgroups,ou=groups,dc=springframework,dc=org
objectclass: top objectclass: top