Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-06 13:29:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix for SEC-237. Make LDAP Provider reject empty username.

Browse Source
This commit is contained in:
Luke Taylor 2006-04-16 16:41:08 +00:00
parent 743cc9fec7
commit 9c8a4c2f74
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
core/src/main/java/org/acegisecurity/providers/ldap/LdapAuthenticationProvider.java
View File

@ -21,11 +21,13 @@ import org.acegisecurity.ldap.LdapUserInfo;
import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.User;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.BadCredentialsException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import javax.naming.directory.Attributes;
@ -141,6 +143,12 @@ public class LdapAuthenticationProvider extends AbstractUserDetailsAuthenticatio
}
protected UserDetails retrieveUser(String username, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
if(!StringUtils.hasLength(username)) {
throw new BadCredentialsException(messages.getMessage(
"LdapAuthenticationProvider.emptyUsername",
"Empty Username"));
}
if (logger.isDebugEnabled()) {
logger.debug("Retrieving user " + username);
}

2
core/src/main/resources/org/acegisecurity/messages.properties
View File

@ -37,9 +37,11 @@ SwitchUserProcessingFilter.disabled=User is disabled
SwitchUserProcessingFilter.expired=User account has expired
SwitchUserProcessingFilter.credentialsExpired=User credentials have expired
AbstractAccessDecisionManager.accessDenied=Access is denied
LdapAuthenticationProvider.emptyUsername=Empty username not allowed
DefaultIntitalDirContextFactory.communicationFailure=Unable to connect to LDAP server
DefaultIntitalDirContextFactory.badCredentials=Bad credentials
DefaultIntitalDirContextFactory.unexpectedException=Failed to obtain InitialDirContext due to unexpected exception
PasswordComparisonAuthenticator.badCredentials=Bad credentials
BindAuthenticator.badCredentials=Bad credentials
BindAuthenticator.failedToLoadAttributes=Bad credentials