Posted to dev@tomcat.apache.org by ma...@apache.org on 2021/04/13 14:23:28 UTC
[tomcat] 05/10: Expand tests and fix an issue in escaping for group
search
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit b930d0b3161d9ec78d5fa57f886ed2de4680518b
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Apr 13 12:11:35 2021 +0100
Expand tests and fix an issue in escaping for group search
---
java/org/apache/catalina/realm/JNDIRealm.java | 9 +++++++-
.../catalina/realm/TestJNDIRealmIntegration.java | 26 ++++++++++++++--------
2 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/java/org/apache/catalina/realm/JNDIRealm.java b/java/org/apache/catalina/realm/JNDIRealm.java
index ec36187..cdb9f9e 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -1847,7 +1847,11 @@ public class JNDIRealm extends RealmBase {
return null;
}
+ // This is returned from the directory so will be attribute value
+ // escaped if required
String dn = user.getDN();
+ // This is the name the user provided to the authentication process so
+ // it will not be escaped
String username = user.getUserName();
String userRoleId = user.getUserRoleId();
@@ -1880,7 +1884,10 @@ public class JNDIRealm extends RealmBase {
}
// Set up parameters for an appropriate search
- String filter = connection.roleFormat.format(new String[] { doFilterEscaping(dn), username, userRoleId });
+ String filter = connection.roleFormat.format(new String[] {
+ doFilterEscaping(dn),
+ doFilterEscaping(doAttributeValueEscaping(username)),
+ userRoleId });
SearchControls controls = new SearchControls();
if (roleSubtree) {
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
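Review bot: The third format argument, `userRoleId`, still goes into the role search filter unescaped, while `{0}` and `{1}` are now escaped. The hunk does not show where `user.getUserRoleId()` gets its value; if it is an attribute value read from the directory, as the name suggests, it can contain filter metacharacters, and a roleSearch pattern using `{2}` would then build a malformed or broader-than-intended filter. Consider `doFilterEscaping(doAttributeValueEscaping(userRoleId))`, or `doFilterEscaping(userRoleId)` if the value is never placed inside a DN, and add a provenance comment beside `String userRoleId = user.getUserRoleId();` in the previous hunk, as was done for `dn` and `username`. The enclosing method starts and ends outside the hunk, so confirm that both helpers tolerate a null `userRoleId`.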
diff --git a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
index ef0cc35..3d9969e 100644
--- a/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
+++ b/test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
@@ -46,24 +46,29 @@ public class TestJNDIRealmIntegration {
private static final String USER_PATTERN = "cn={0},ou=people,dc=example,dc=com";
private static final String USER_SEARCH = "cn={0}";
private static final String USER_BASE = "ou=people,dc=example,dc=com";
+ private static final String ROLE_SEARCH_A = "member={0}";
+ private static final String ROLE_SEARCH_B = "member=cn={1},ou=people,dc=example,dc=com";
private static InMemoryDirectoryServer ldapServer;
@Parameterized.Parameters(name = "{index}: user[{3}], pwd[{4}]")
public static Collection<Object[]> parameters() {
List<Object[]> parameterSets = new ArrayList<>();
- addUsers(USER_PATTERN, null, null, parameterSets);
- addUsers(null, USER_SEARCH, USER_BASE, parameterSets);
+ for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B }) {
+ addUsers(USER_PATTERN, null, null, roleSearch, parameterSets);
+ addUsers(null, USER_SEARCH, USER_BASE, roleSearch, parameterSets);
+ }
return parameterSets;
}
- private static void addUsers(String userPattern, String userSearch, String userBase, List<Object[]> parameterSets) {
- parameterSets.add(new Object[] { userPattern, userSearch, userBase,
+ private static void addUsers(String userPattern, String userSearch, String userBase, String roleSearch,
+ List<Object[]> parameterSets) {
+ parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
"test", "test", new String[] {"TestGroup"} });
- parameterSets.add(new Object[] { userPattern, userSearch, userBase,
+ parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
"t;", "test", new String[] {"TestGroup"} });
- parameterSets.add(new Object[] { userPattern, userSearch, userBase,
+ parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
"t*", "test", new String[] {"TestGroup"} });
}
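Review bot: The `@Parameterized.Parameters` name on the unchanged context line, `"{index}: user[{3}], pwd[{4}]"`, is now stale. With `roleSearch` inserted at index 3, `{3}` prints the role search pattern and `{4}` the username, so test reports mislabel both values. Update it to the new layout, e.g. `name = "{index}: roleSearch[{3}], user[{4}], pwd[{5}]"`. Separately, the user names `t;` and `t*` cover only two special characters; if the directory fixture (not visible here) allows it, entries containing `(`, `)` or `\` would exercise the filter escaping more fully.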
@@ -75,10 +80,12 @@ public class TestJNDIRealmIntegration {
@Parameter(2)
public String realmConfigUserBase;
@Parameter(3)
- public String username;
+ public String realmConfigRoleSearch;
@Parameter(4)
- public String credentials;
+ public String username;
@Parameter(5)
+ public String credentials;
+ @Parameter(6)
public String[] groups;
@Test
@@ -90,9 +97,10 @@ public class TestJNDIRealmIntegration {
realm.setUserPattern(realmConfigUserPattern);
realm.setUserSearch(realmConfigUserSearch);
realm.setUserBase(realmConfigUserBase);
+ realm.setUserRoleAttribute("cn");
realm.setRoleName("cn");
realm.setRoleBase("ou=people,dc=example,dc=com");
- realm.setRoleSearch("member={0}");
+ realm.setRoleSearch(realmConfigRoleSearch);
GenericPrincipal p = (GenericPrincipal) realm.authenticate(username, credentials);
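Review bot: `setUserRoleAttribute("cn")` is added here, but neither `ROLE_SEARCH_A` nor `ROLE_SEARCH_B` references `{2}`, so the value it presumably populates is never substituted into a role filter by these tests. A third pattern in the parameter loop, such as `member=cn={2},ou=people,dc=example,dc=com`, would cover the remaining format argument, which the JNDIRealm change in this commit leaves unescaped. The test method continues past the end of the hunk, so the assertions on `groups` are not visible here.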