From b4cbcee7f072c2364abd7e0d8a2476a00ae43f6e Mon Sep 17 00:00:00 2001
From: Rob Winch
Date: Fri, 13 Sep 2013 15:53:35 -0700
Subject: [PATCH] SEC-2308: DefaultSpringSecurityContextSource allow empty baseUrl
---
 .../DefaultSpringSecurityContextSourceTests.java | 14 ++++++++++++++
 .../ldap/DefaultSpringSecurityContextSource.java | 3 ---
 2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java b/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
index 4246d22190..0661de7a47 100644
--- a/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
+++ b/ldap/src/integration-test/java/org/springframework/security/ldap/DefaultSpringSecurityContextSourceTests.java
@@ -95,6 +95,20 @@ public class DefaultSpringSecurityContextSourceTests extends AbstractLdapIntegra
 assertTrue(ctxSrc.isPooled());
 }
+ // SEC-2308
+ @Test
+ public void instantiationSuceedsWithEmtpyBaseDn() throws Exception {
+ String baseDn = "";
+ List serverUrls = new ArrayList();
+ serverUrls.add("ldap://foo:789");
+ serverUrls.add("ldap://bar:389");
+ serverUrls.add("ldaps://blah:636");
+ DefaultSpringSecurityContextSource ctxSrc = new DefaultSpringSecurityContextSource(serverUrls, baseDn);
+
+ assertFalse(ctxSrc.isAnonymousReadOnly());
+ assertTrue(ctxSrc.isPooled());
+ }
+
 @Test(expected=IllegalArgumentException.class)
 public void instantiationFailsWithIncorrectServerUrl() throws Exception {
 List serverUrls = new ArrayList();
diff --git a/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java b/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
index d7492c91c1..729873403a 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
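Review bot: The added test `instantiationSuceedsWithEmtpyBaseDn` only proves that the constructor no longer throws; its two assertions (`isAnonymousReadOnly`, `isPooled`) would pass whatever provider URLs and base were built from the empty `baseDn`. The same commit removes the "LDAP URL string must not include the base DN" guard from `DefaultSpringSecurityContextSource`, so a server URL that already carries a DN is now accepted silently, and nothing here pins which subtree searches and binds will resolve against. I would assert the resulting URLs, for example `assertEquals("ldap://foo:789/", ctxSrc.getUrls()[0]);` (expected value to be confirmed against the URL builder, which is only partly visible in this patch), and add a case with a non-empty base DN that also appears in a URL. The method name also has two typos; `instantiationSucceedsWithEmptyBaseDn` reads correctly.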
+++ b/ldap/src/main/java/org/springframework/security/ldap/DefaultSpringSecurityContextSource.java
@@ -123,9 +123,6 @@ public class DefaultSpringSecurityContextSource extends LdapContextSource {
 if ("".equals(trimmedUrl)) {
 continue;
 }
- if (trimmedUrl.contains(trimmedBaseDn)) {
- throw new IllegalArgumentException("LDAP URL string must not include the base DN! '" + trimmedUrl + "'");
- }
 providerUrl.append(trimmedUrl);
 if (! trimmedUrl.endsWith("/")) {