Pass username as second parameter for search filter.

Allows the username only (without domain) to be used in a custom search filter such as "sAMAccountName={1}",
e.g. in situations where the userPrincipalName has a different suffix than the domain.

Thanks to contributors in issue.

fixes gh-2448
Trygve Aasjord 2017-07-18 22:11:04 +02:00 committed by Rob Winch
parent cdcf65de1e
commit 8d717c62af
2 changed files with 6 additions and 5 deletions


@ -312,7 +312,7 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
try { try {
return SpringSecurityLdapTemplate.searchForSingleEntryInternal(context, return SpringSecurityLdapTemplate.searchForSingleEntryInternal(context,
searchControls, searchRoot, searchFilter, searchControls, searchRoot, searchFilter,
new Object[] { bindPrincipal }); new Object[] { bindPrincipal, username });
} }
catch (IncorrectResultSizeDataAccessException incorrectResults) { catch (IncorrectResultSizeDataAccessException incorrectResults) {
// Search should never return multiple results if properly configured - just // Search should never return multiple results if properly configured - just
@ -383,7 +383,8 @@ public final class ActiveDirectoryLdapAuthenticationProvider extends
/** /**
* The LDAP filter string to search for the user being authenticated. Occurrences of * The LDAP filter string to search for the user being authenticated. Occurrences of
* {0} are replaced with the {@code username@domain}. * {0} are replaced with the {@code username@domain}. Occurrences of {1} are replaced
* with the {@code username} only.
* <p> * <p>
* Defaults to: {@code (&(objectClass=user)(userPrincipalName= 0}))} * Defaults to: {@code (&(objectClass=user)(userPrincipalName= 0}))}
* </p> * </p>
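Review bot: The new Javadoc says {1} is replaced with the username only, yet the second filter argument added at line 21 is the raw `username` parameter of the enclosing method, whose start lies outside this hunk. If the bind-principal construction leaves a caller-supplied `user@domain` value unchanged — which the separate `bindPrincipal` variable suggests but this hunk does not show — then {1} carries the domain suffix too and a filter such as `sAMAccountName={1}` would not match for those logins. Either normalize the value before passing it or state the caveat in the Javadoc: `* with the username as entered by the user (which may still carry a domain suffix if one was supplied).` Passing the value as a filter argument, which the JNDI search API encodes, rather than concatenating it into the filter string is the right shape; the Javadoc could add that custom filters must use the {0}/{1} placeholders and never embed user input directly.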


@ -140,9 +140,9 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
any(Object[].class), any(SearchControls.class)); any(Object[].class), any(SearchControls.class));
} }
// SEC-2897 // SEC-2897,SEC-2224
@Test @Test
public void bindPrincipalUsed() throws Exception { public void bindPrincipalAndUsernameUsed() throws Exception {
// given // given
final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))"; final String defaultSearchFilter = "(&(objectClass=user)(userPrincipalName={0}))";
ArgumentCaptor<Object[]> captor = ArgumentCaptor.forClass(Object[].class); ArgumentCaptor<Object[]> captor = ArgumentCaptor.forClass(Object[].class);
@ -166,7 +166,7 @@ public class ActiveDirectoryLdapAuthenticationProviderTests {
Authentication result = customProvider.authenticate(joe); Authentication result = customProvider.authenticate(joe);
// then // then
assertThat(captor.getValue()).containsOnly("joe@mydomain.eu"); assertThat(captor.getValue()).containsExactly("joe@mydomain.eu", "joe");
assertThat(result.isAuthenticated()).isTrue(); assertThat(result.isAuthenticated()).isTrue();
} }
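Review bot: The renamed test only exercises a login name without a domain suffix, so it does not pin down what the second filter argument carries when the user authenticates as `joe@mydomain.eu`, which is exactly the case where the new {1} placeholder is meant to differ from {0}. A second test with that input would turn the commit message's "username only (without domain)" claim into an assertion rather than a comment, and would document the intended contract for custom filters like `sAMAccountName={1}`. The test method body continues outside the two hunks between lines 44 and 46.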