Fix for SEC-202. Intialize manager password to default "manager_password_not_set".

2025-07-15 23:03:32 +00:00 · 2006-02-28 17:47:55 +00:00 · 2006-02-28 17:47:55 +00:00 · 7e7920ce00
commit 7e7920ce00
parent 555903d139
2 changed files with 24 additions and 3 deletions
--- a/core/src/main/java/org/acegisecurity/providers/ldap/DefaultInitialDirContextFactory.java
+++ b/core/src/main/java/org/acegisecurity/providers/ldap/DefaultInitialDirContextFactory.java
@ -100,7 +100,7 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory
    /**
     * The manager user's password.
     */
-    private String managerPassword = null;
+    private String managerPassword = "manager_password_not_set";

    /** Type of authentication within LDAP; default is simple. */
    private String authenticationType = "simple";
@ -164,6 +164,7 @@ public class DefaultInitialDirContextFactory implements InitialDirContextFactory

        Hashtable env = getEnvironment();
        env.put(Context.SECURITY_AUTHENTICATION, AUTH_TYPE_NONE);
+
        return connect(env);
    }

--- a/core/src/test/java/org/acegisecurity/providers/ldap/DefaultInitialDirContextFactoryTests.java
+++ b/core/src/test/java/org/acegisecurity/providers/ldap/DefaultInitialDirContextFactoryTests.java
@ -78,14 +78,34 @@ public class DefaultInitialDirContextFactoryTests extends AbstractLdapServerTest
        ctx.close();
    }

+    public void testBindAsManagerFailsIfNoPasswordSet() throws Exception {
+        idf.setManagerDn(MANAGER_USER);
+
+        DirContext ctx = null;
+
+        try {
+            ctx = idf.newInitialDirContext();
+            fail("Binding with no manager password should fail.");
+// Can't rely on this property being there with embedded server
+//        assertEquals("true",ctx.getEnvironment().get("com.sun.jndi.ldap.connect.pool"));
+        } catch(BadCredentialsException expected) {
+        }
+
+        LdapUtils.closeContext(ctx);
+    }
+
    public void testInvalidPasswordCausesBadCredentialsException() throws Exception {
        idf.setManagerDn(MANAGER_USER);
        idf.setManagerPassword("wrongpassword");
+
+        DirContext ctx = null;
        try {
-            DirContext ctx = idf.newInitialDirContext();
-            fail("Authentication with wrong credentials should fail.");
+            ctx = idf.newInitialDirContext();
+            fail("Binding with wrong credentials should fail.");
        } catch(BadCredentialsException expected) {
        }
+
+        LdapUtils.closeContext(ctx);
    }

    public void testConnectionAsSpecificUserSucceeds() throws Exception {