OPEN - issue SEC-960: DN Encoding in LDAPUserDetailsManager.changePassword() causes bind errors

http://jira.springframework.org/browse/SEC-960. Replaced call to toUrl() with toString() to prevent URL encoding when setting up principal name for reconnect() in changePassword() method.
Luke Taylor 2008-09-05 13:49:38 +00:00
parent c45b4e0989
commit 8661e17df9
2 changed files with 9 additions and 9 deletions


@ -184,7 +184,7 @@ public class LdapUserDetailsManager implements UserDetailsManager {
public Object executeWithContext(DirContext dirCtx) throws NamingException { public Object executeWithContext(DirContext dirCtx) throws NamingException {
LdapContext ctx = (LdapContext) dirCtx; LdapContext ctx = (LdapContext) dirCtx;
ctx.removeFromEnvironment("com.sun.jndi.ldap.connect.pool"); ctx.removeFromEnvironment("com.sun.jndi.ldap.connect.pool");
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, LdapUtils.getFullDn(dn, ctx).toUrl()); ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, LdapUtils.getFullDn(dn, ctx).toString());
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, oldPassword); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, oldPassword);
// TODO: reconnect doesn't appear to actually change the credentials // TODO: reconnect doesn't appear to actually change the credentials
try { try {
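Review bot: The TODO kept directly below the changed `SECURITY_PRINCIPAL` line says reconnect may not actually switch credentials, yet this rebind is the only step visible here that proves the caller knows `oldPassword`, so that doubt should be resolved or tracked rather than left beside the fix. A short comment on the changed line would record why the string form is used, e.g. `// JNDI expects the plain LDAP DN string here; toUrl() URL-encodes it and the bind fails (SEC-960)`. Whether `oldPassword` is rejected when empty is not visible in this hunk; if it is not, be aware that many directory servers treat a simple bind with an empty password as an anonymous bind that succeeds. The body of `executeWithContext` continues past the end of the hunk.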


@ -46,8 +46,8 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests {
DirContextAdapter ctx = new DirContextAdapter(); DirContextAdapter ctx = new DirContextAdapter();
ctx.setAttributeValue("objectclass", "organizationalUnit"); ctx.setAttributeValue("objectclass", "organizationalUnit");
ctx.setAttributeValue("ou", "testpeople"); ctx.setAttributeValue("ou", "test people");
template.bind("ou=testpeople", ctx, null); template.bind("ou=test people", ctx, null);
ctx.setAttributeValue("ou", "testgroups"); ctx.setAttributeValue("ou", "testgroups");
template.bind("ou=testgroups", ctx, null); template.bind("ou=testgroups", ctx, null);
@ -56,13 +56,13 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests {
group.setAttributeValue("objectclass", "groupOfNames"); group.setAttributeValue("objectclass", "groupOfNames");
group.setAttributeValue("cn", "clowns"); group.setAttributeValue("cn", "clowns");
group.setAttributeValue("member", "cn=nobody,ou=testpeople,dc=springframework,dc=org"); group.setAttributeValue("member", "cn=nobody,ou=test people,dc=springframework,dc=org");
template.bind("cn=clowns,ou=testgroups", group, null); template.bind("cn=clowns,ou=testgroups", group, null);
group.setAttributeValue("cn", "acrobats"); group.setAttributeValue("cn", "acrobats");
template.bind("cn=acrobats,ou=testgroups", group, null); template.bind("cn=acrobats,ou=testgroups", group, null);
mgr.setUsernameMapper(new DefaultLdapUsernameToDnMapper("ou=testpeople","uid")); mgr.setUsernameMapper(new DefaultLdapUsernameToDnMapper("ou=test people","uid"));
mgr.setGroupSearchBase("ou=testgroups"); mgr.setGroupSearchBase("ou=testgroups");
mgr.setGroupRoleAttributeName("cn"); mgr.setGroupRoleAttributeName("cn");
mgr.setGroupMemberAttributeName("member"); mgr.setGroupMemberAttributeName("member");
@ -79,7 +79,7 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests {
// template.unbind((String) people.next() + ",ou=testpeople"); // template.unbind((String) people.next() + ",ou=testpeople");
// } // }
template.unbind("ou=testpeople",true); template.unbind("ou=test people",true);
template.unbind("ou=testgroups",true); template.unbind("ou=testgroups",true);
SecurityContextHolder.clearContext(); SecurityContextHolder.clearContext();
@ -116,7 +116,7 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests {
@Test @Test
public void testCreateNewUserSucceeds() { public void testCreateNewUserSucceeds() {
InetOrgPerson.Essence p = new InetOrgPerson.Essence(); InetOrgPerson.Essence p = new InetOrgPerson.Essence();
p.setCarLicense("XXX"); p.setCarLicense("XXX");
p.setCn(new String[] {"Joe Smeth"}); p.setCn(new String[] {"Joe Smeth"});
p.setDepartmentNumber("5679"); p.setDepartmentNumber("5679");
p.setDescription("Some description"); p.setDescription("Some description");
@ -130,7 +130,7 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests {
p.setRoomNumber("500X"); p.setRoomNumber("500X");
p.setSn("Smeth"); p.setSn("Smeth");
p.setUid("joe"); p.setUid("joe");
p.setAuthorities(TEST_AUTHORITIES); p.setAuthorities(TEST_AUTHORITIES);
mgr.createUser(p.createUserDetails()); mgr.createUser(p.createUserDetails());
@ -182,7 +182,7 @@ public class LdapUserDetailsManagerTests extends AbstractLdapIntegrationTests {
mgr.changePassword("yossarianspassword", "yossariansnewpassword"); mgr.changePassword("yossarianspassword", "yossariansnewpassword");
assertTrue(template.compare("uid=johnyossarian,ou=testpeople", assertTrue(template.compare("uid=johnyossarian,ou=test people",
"userPassword", "yossariansnewpassword")); "userPassword", "yossariansnewpassword"));
} }
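Review bot: The updated `changePassword` test in the last hunk still checks only the success path, so it would pass even if the rebind with the old password were not enforced. A companion test that calls `mgr.changePassword` with a wrong old password and asserts that the stored `userPassword` is unchanged would cover that. The space in `ou=test people` exercises one character only; DNs containing a comma, `+` or non-ASCII characters take the same path and are not covered. The commented-out `template.unbind(... + ",ou=testpeople")` line in the teardown hunk still uses the old name, and the literal is now repeated in several places, so a constant such as `private static final String PEOPLE_OU = "ou=test people";` would keep them in sync.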