SEC-1670: Take account of JNDI CompositeName escaping in value of SearchResult.getName() when performing a search for a user entry in SpringSecurityLdapTemplate.
parent
4e349904e5
commit
a790c7e192
|
@ -44,8 +44,8 @@ access to dn.subtree="ou=users,dc=qbe,dc=com"
|
||||||
by * read
|
by * read
|
||||||
|
|
||||||
|
|
||||||
overlay ppolicy
|
#overlay ppolicy
|
||||||
ppolicy_default "cn=default,ou=policies,dc=springsource,dc=com"
|
#ppolicy_default "cn=default,ou=policies,dc=springsource,dc=com"
|
||||||
ppolicy_use_lockout
|
#ppolicy_use_lockout
|
||||||
ppolicy_hash_cleartext
|
#ppolicy_hash_cleartext
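Review bot: Commenting out `overlay ppolicy` and the three `ppolicy_*` directives is not mentioned in the commit title and looks unrelated to the CompositeName fix. With the overlay off, a run against this OpenLDAP configuration no longer exercises the password-policy control path that BindAuthenticator checks, and `ppolicy_hash_cleartext` no longer hashes the test passwords on write. If the change is intentional, a comment such as `# ppolicy disabled: <reason>` above the block would say so; otherwise it may be a local leftover to revert.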
|
||||||
|
|
||||||
|
|
|
@ -20,6 +20,7 @@ import java.util.Arrays;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
|
import javax.naming.CompositeName;
|
||||||
import javax.naming.NamingEnumeration;
|
import javax.naming.NamingEnumeration;
|
||||||
import javax.naming.NamingException;
|
import javax.naming.NamingException;
|
||||||
import javax.naming.PartialResultException;
|
import javax.naming.PartialResultException;
|
||||||
|
@ -208,7 +209,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
|
||||||
while (resultsEnum.hasMore()) {
|
while (resultsEnum.hasMore()) {
|
||||||
SearchResult searchResult = resultsEnum.next();
|
SearchResult searchResult = resultsEnum.next();
|
||||||
// Work out the DN of the matched entry
|
// Work out the DN of the matched entry
|
||||||
DistinguishedName dn = new DistinguishedName(searchResult.getName());
|
DistinguishedName dn = new DistinguishedName(new CompositeName(searchResult.getName()));
|
||||||
|
|
||||||
if (base.length() > 0) {
|
if (base.length() > 0) {
|
||||||
dn.prepend(searchBaseDn);
|
dn.prepend(searchBaseDn);
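Review bot: The new `new CompositeName(searchResult.getName())` wrapper has no comment saying why it is there, and the existing `// Work out the DN of the matched entry` does not cover it, so a later cleanup could drop it and bring back mis-parsed DNs for entries whose names contain `"`, `/` or `\`. A line such as `// getName() returns a JNDI composite-name string; undo that escaping before parsing it as an LDAP DN` above the statement would pin the intent. Because this DN is what the bind authenticator later binds with, it is also worth confirming that the `InvalidNameException` (a `NamingException`) that `new CompositeName(...)` can throw is covered by the surrounding handling, and whether results with `searchResult.isRelative() == false`, where the name is a URL rather than a name relative to the search base, can reach this line. The enclosing method starts and ends outside the hunk, so neither is visible here.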
|
||||||
|
|
|
@ -113,6 +113,8 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
|
||||||
// Check for password policy control
|
// Check for password policy control
|
||||||
PasswordPolicyControl ppolicy = PasswordPolicyControlExtractor.extractControl(ctx);
|
PasswordPolicyControl ppolicy = PasswordPolicyControlExtractor.extractControl(ctx);
|
||||||
|
|
||||||
|
logger.debug("Retrieving attributes...");
|
||||||
|
|
||||||
Attributes attrs = ctx.getAttributes(userDn, getUserAttributes());
|
Attributes attrs = ctx.getAttributes(userDn, getUserAttributes());
|
||||||
|
|
||||||
DirContextAdapter result = new DirContextAdapter(attrs, userDn, ctxSource.getBaseLdapPath());
|
DirContextAdapter result = new DirContextAdapter(attrs, userDn, ctxSource.getBaseLdapPath());
|
||||||
|
|
|
@ -48,7 +48,7 @@ public abstract class AbstractLdapIntegrationTests {
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
public static void startServer() throws Exception {
|
public static void startServer() throws Exception {
|
||||||
contextSource = new DefaultSpringSecurityContextSource("ldap://127.0.0.1:53389/dc=springframework,dc=org");
|
contextSource = new DefaultSpringSecurityContextSource("ldap://127.0.0.1:53389/dc=springframework,dc=org");
|
||||||
// OpenLDAP option
|
// OpenLDAP configuration
|
||||||
// contextSource = new DefaultSpringSecurityContextSource("ldap://127.0.0.1:22389/dc=springsource,dc=com");
|
// contextSource = new DefaultSpringSecurityContextSource("ldap://127.0.0.1:22389/dc=springsource,dc=com");
|
||||||
// contextSource.setUserDn("cn=admin,dc=springsource,dc=com");
|
// contextSource.setUserDn("cn=admin,dc=springsource,dc=com");
|
||||||
// contextSource.setPassword("password");
|
// contextSource.setPassword("password");
|
||||||
|
|
|
@ -82,7 +82,9 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
|
||||||
authenticator.authenticate(new UsernamePasswordAuthenticationToken("slash/guy", "slashguyspassword"));
|
authenticator.authenticate(new UsernamePasswordAuthenticationToken("slash/guy", "slashguyspassword"));
|
||||||
// SEC-1661
|
// SEC-1661
|
||||||
authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=\\\"quoted people\\\"", "(cn={0})", getContextSource()));
|
authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=\\\"quoted people\\\"", "(cn={0})", getContextSource()));
|
||||||
authenticator.authenticate(new UsernamePasswordAuthenticationToken("quoteguy", "quoteguyspassword"));
|
authenticator.authenticate(new UsernamePasswordAuthenticationToken("quote\"guy", "quoteguyspassword"));
|
||||||
|
authenticator.setUserSearch(new FilterBasedLdapUserSearch("", "(cn={0})", getContextSource()));
|
||||||
|
authenticator.authenticate(new UsernamePasswordAuthenticationToken("quote\"guy", "quoteguyspassword"));
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
@Test
|
@Test
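Review bot: Both new `"quote\"guy"` calls discard the value returned by `authenticate(...)`, so the test only proves that no exception was thrown, not that the entry found is the intended one. Capturing the result and checking an attribute would tie the test to the DN handling it is meant to cover, for example `DirContextOperations user = authenticator.authenticate(...);` followed by `assertEquals("quoteguy", user.getStringAttribute("uid"));` (the LDIF in this commit keeps `uid: quoteguy`; this assumes uid is among the attributes retrieved). The empty-base search added here also still sits under the `// SEC-1661` comment, so a `// SEC-1670` line before the second `setUserSearch` call would label the new case.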
|
||||||
|
|
|
@ -73,12 +73,12 @@ sn: Slash
|
||||||
uid: slashguy
|
uid: slashguy
|
||||||
userPassword: slashguyspassword
|
userPassword: slashguyspassword
|
||||||
|
|
||||||
dn: cn=quoteguy,ou=\"quoted people\",dc=springframework,dc=org
|
dn: cn=quote\"guy,ou=\"quoted people\",dc=springframework,dc=org
|
||||||
objectclass: top
|
objectclass: top
|
||||||
objectclass: person
|
objectclass: person
|
||||||
objectclass: organizationalPerson
|
objectclass: organizationalPerson
|
||||||
objectclass: inetOrgPerson
|
objectclass: inetOrgPerson
|
||||||
cn: quoteguy
|
cn: quote\"guy
|
||||||
sn: Quote
|
sn: Quote
|
||||||
uid: quoteguy
|
uid: quoteguy
|
||||||
userPassword: quoteguyspassword
|
userPassword: quoteguyspassword
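Review bot: The new `cn: quote\"guy` line stores a literal backslash, because LDIF applies DN escaping only on the `dn:` line and takes attribute values verbatim; the RDN value is `quote"guy` while the cn attribute as written is `quote\"guy`. The test's `(cn={0})` filter with `quote"guy` then presumably matches only if the server adds the RDN value to the entry on import. Writing `cn: quote"guy` would make the attribute agree with the RDN and keep the test independent of that server behaviour.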
|
||||||
|
|