From ee50d6e334b79d5f0979710896be82e8d0e57391 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Wed, 31 May 2006 16:54:27 +0000 Subject: [PATCH] SEC-281: Modified to use Spring 1.2 compatible exception class for incorrect search results size. --- .../main/java/org/acegisecurity/ldap/LdapTemplate.java | 9 ++++----- .../ldap/search/FilterBasedLdapUserSearch.java | 10 +++++++--- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/core/src/main/java/org/acegisecurity/ldap/LdapTemplate.java b/core/src/main/java/org/acegisecurity/ldap/LdapTemplate.java index 3d052a8a96..ff87346f08 100644 --- a/core/src/main/java/org/acegisecurity/ldap/LdapTemplate.java +++ b/core/src/main/java/org/acegisecurity/ldap/LdapTemplate.java @@ -16,7 +16,6 @@ package org.acegisecurity.ldap; import org.springframework.dao.DataAccessException; -import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.dao.IncorrectResultSizeDataAccessException; import org.springframework.util.Assert; @@ -234,8 +233,7 @@ public class LdapTemplate { * * @return the object created by the mapper from the matching entry * - * @throws EmptyResultDataAccessException if no results are found. - * @throws IncorrectResultSizeDataAccessException if the search returns more than one result. + * @throws IncorrectResultSizeDataAccessException if no results are found or the search returns more than one result. */ public Object searchForSingleEntry(final String base, final String filter, final Object[] params, final LdapEntryMapper mapper) { @@ -245,13 +243,14 @@ public class LdapTemplate { NamingEnumeration results = ctx.search(base, filter, params, searchControls); if (!results.hasMore()) { - throw new EmptyResultDataAccessException(1); + throw new IncorrectResultSizeDataAccessException(1, 0); } SearchResult searchResult = (SearchResult) results.next(); if (results.hasMore()) { - throw new IncorrectResultSizeDataAccessException(1); + // We don't know how many results but set to 2 which is good enough + throw new IncorrectResultSizeDataAccessException(1, 2); } // Work out the DN of the matched entry diff --git a/core/src/main/java/org/acegisecurity/ldap/search/FilterBasedLdapUserSearch.java b/core/src/main/java/org/acegisecurity/ldap/search/FilterBasedLdapUserSearch.java index 7c71d25ecf..8d30994938 100644 --- a/core/src/main/java/org/acegisecurity/ldap/search/FilterBasedLdapUserSearch.java +++ b/core/src/main/java/org/acegisecurity/ldap/search/FilterBasedLdapUserSearch.java @@ -27,7 +27,7 @@ import org.acegisecurity.userdetails.ldap.LdapUserDetailsMapper; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.springframework.dao.EmptyResultDataAccessException; +import org.springframework.dao.IncorrectResultSizeDataAccessException; import org.springframework.util.Assert; @@ -123,8 +123,12 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch { user.setUsername(username); return user.createUserDetails(); - } catch (EmptyResultDataAccessException notFound) { - throw new UsernameNotFoundException("User " + username + " not found in directory."); + } catch (IncorrectResultSizeDataAccessException notFound) { + if(notFound.getActualSize() == 0) { + throw new UsernameNotFoundException("User " + username + " not found in directory."); + } + // Search should never return multiple results if properly configured, so just rethrow + throw notFound; } }