SEC-1670: Take account of JNDI CompositeName escaping in value of SearchResult.getName() when performing a search for a user entry in SpringSecurityLdapTemplate.

Luke Taylor 2011-02-03 17:57:43 +00:00
parent 4e349904e5
commit a790c7e192
6 changed files with 14 additions and 9 deletions


@ -44,8 +44,8 @@ access to dn.subtree="ou=users,dc=qbe,dc=com"
by * read
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=springsource,dc=com"
ppolicy_use_lockout
ppolicy_hash_cleartext
#overlay ppolicy
#ppolicy_default "cn=default,ou=policies,dc=springsource,dc=com"
#ppolicy_use_lockout
#ppolicy_hash_cleartext
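Review bot: The four `ppolicy` directives are commented out with nothing in the file or the commit message saying why, and the change is unrelated to the CompositeName fix the commit describes. With the overlay off, an OpenLDAP run of the integration tests presumably no longer returns a password-policy control, so the `PasswordPolicyControlExtractor` path in `BindAuthenticator` would go unexercised against this server. If the overlay has to stay disabled, a line such as `# ppolicy overlay disabled (<reason>); uncomment the four lines below to test password-policy controls` above the block would record the intent.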


@ -20,6 +20,7 @@ import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.naming.CompositeName;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
@ -208,7 +209,7 @@ public class SpringSecurityLdapTemplate extends LdapTemplate {
while (resultsEnum.hasMore()) {
SearchResult searchResult = resultsEnum.next();
// Work out the DN of the matched entry
DistinguishedName dn = new DistinguishedName(searchResult.getName());
DistinguishedName dn = new DistinguishedName(new CompositeName(searchResult.getName()));
if (base.length() > 0) {
dn.prepend(searchBaseDn);
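Review bot: The comment above the changed line still reads `// Work out the DN of the matched entry` and gives no hint why the name now goes through `CompositeName`, so the wrapper looks redundant and is easy to remove in a later cleanup. I would extend it to something like `// getName() returns a JNDI composite-name string, so quotes and slashes in the DN arrive escaped; parse it as a CompositeName first (SEC-1670)`. Two things are not visible in this hunk and are worth confirming: that the enclosing method lets the `InvalidNameException` from the `CompositeName` constructor propagate as a `NamingException` rather than swallowing it, and that results whose `isRelative()` is false (where the name may be a URL rather than a name relative to the search base) never reach `dn.prepend(searchBaseDn)`. The loop body continues past the end of the hunk.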


@ -113,6 +113,8 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
// Check for password policy control
PasswordPolicyControl ppolicy = PasswordPolicyControlExtractor.extractControl(ctx);
logger.debug("Retrieving attributes...");
Attributes attrs = ctx.getAttributes(userDn, getUserAttributes());
DirContextAdapter result = new DirContextAdapter(attrs, userDn, ctxSource.getBaseLdapPath());


@ -48,7 +48,7 @@ public abstract class AbstractLdapIntegrationTests {
@BeforeClass
public static void startServer() throws Exception {
contextSource = new DefaultSpringSecurityContextSource("ldap://127.0.0.1:53389/dc=springframework,dc=org");
// OpenLDAP option
// OpenLDAP configuration
// contextSource = new DefaultSpringSecurityContextSource("ldap://127.0.0.1:22389/dc=springsource,dc=com");
// contextSource.setUserDn("cn=admin,dc=springsource,dc=com");
// contextSource.setPassword("password");


@ -82,7 +82,9 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
authenticator.authenticate(new UsernamePasswordAuthenticationToken("slash/guy", "slashguyspassword"));
// SEC-1661
authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=\\\"quoted people\\\"", "(cn={0})", getContextSource()));
authenticator.authenticate(new UsernamePasswordAuthenticationToken("quoteguy", "quoteguyspassword"));
authenticator.authenticate(new UsernamePasswordAuthenticationToken("quote\"guy", "quoteguyspassword"));
authenticator.setUserSearch(new FilterBasedLdapUserSearch("", "(cn={0})", getContextSource()));
authenticator.authenticate(new UsernamePasswordAuthenticationToken("quote\"guy", "quoteguyspassword"));
}
/*
@Test
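Review bot: The two new `authenticate` calls for `quote\"guy` discard the returned entry, so the test passes as long as no exception is thrown and never checks which DN was resolved and bound. Since the fix is about how the DN is rebuilt from `SearchResult.getName()`, capturing the result with `DirContextOperations user = authenticator.authenticate(...)` and asserting on `user.getDn()` for both the quoted search base and the empty one would pin that behaviour. A wrong-password case for the same user would also confirm that a failed bind is still rejected when the name contains an escaped quote. The test method starts above the hunk.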


@ -73,12 +73,12 @@ sn: Slash
uid: slashguy
userPassword: slashguyspassword
dn: cn=quoteguy,ou=\"quoted people\",dc=springframework,dc=org
dn: cn=quote\"guy,ou=\"quoted people\",dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: quoteguy
cn: quote\"guy
sn: Quote
uid: quoteguy
userPassword: quoteguyspassword