Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'jetty-9.3.x' into jetty-9.4.x

This commit is contained in:
Jesse McConnell 2016-06-17 18:57:07 -05:00
parent d05c282baa 99e1a16d07
commit c64e34c79f
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/LdapLoginModule.java
View File

@ -502,7 +502,17 @@ public class LdapLoginModule extends AbstractLoginModule
LOG.info("Attempting authentication: " + userDn);
Hashtable<Object,Object> environment = getEnvironment();
if ( userDn == null || "".equals(userDn) )
{
throw new NamingException("username may not be empty");
}
environment.put(Context.SECURITY_PRINCIPAL, userDn);
// RFC 4513 section 6.3.1, protect against ldap server implementations that allow successful binding on empty passwords
if ( password == null || "".equals(password))
{
throw new NamingException("password may not be empty");
}
environment.put(Context.SECURITY_CREDENTIALS, password);
DirContext dirContext = new InitialDirContext(environment);