Expand tests and fix an issue in escaping for group search · apache/tomcat@91ecdc6 · GitHub
Expand tests and fix an issue in escaping for group search
markt-asf committed Apr 13, 2021
1 parent c6b6e10 commit 91ecdc6
Showing 2 changed files with 25 additions and 10 deletions.
9 changes: 8 additions & 1 deletion java/org/apache/catalina/realm/JNDIRealm.java
Expand Up @@ -1847,7 +1847,11 @@ protected List<String> getRoles(JNDIConnection connection, User user) throws Nam
return null;
}

// This is returned from the directory so will be attribute value
// escaped if required
String dn = user.getDN();
// This is the name the user provided to the authentication process so
// it will not be escaped
String username = user.getUserName();
String userRoleId = user.getUserRoleId();

Expand Down Expand Up @@ -1880,7 +1884,10 @@ protected List<String> getRoles(JNDIConnection connection, User user) throws Nam
}

// Set up parameters for an appropriate search
String filter = connection.roleFormat.format(new String[] { doFilterEscaping(dn), username, userRoleId });
String filter = connection.roleFormat.format(new String[] {
doFilterEscaping(dn),
doFilterEscaping(doAttributeValueEscaping(username)),
userRoleId });
SearchControls controls = new SearchControls();
if (roleSubtree) {
controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
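Review bot: `userRoleId` is still passed to `connection.roleFormat.format(...)` unescaped as the third argument, while the two values before it are now filter-escaped. It comes from `user.getUserRoleId()`, which presumably holds an attribute value read from the directory, so a value containing `*`, `(`, `)` or `\` would change the meaning of any role search pattern that uses `{2}`. I would give it the same treatment as the username, `doFilterEscaping(doAttributeValueEscaping(userRoleId)) });`, after confirming that both helpers tolerate a null argument in case the value can be absent. A comment above the array should also state that `{1}` and `{2}` are escaped on the assumption that they sit inside a DN-valued assertion, since a pattern such as `(uid={1})` would now receive the DN-escaped form. getRoles() starts and ends outside these hunks.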
26 changes: 17 additions & 9 deletions test/org/apache/catalina/realm/TestJNDIRealmIntegration.java
Expand Up @@ -46,24 +46,29 @@ public class TestJNDIRealmIntegration {
private static final String USER_PATTERN = "cn={0},ou=people,dc=example,dc=com";
private static final String USER_SEARCH = "cn={0}";
private static final String USER_BASE = "ou=people,dc=example,dc=com";
private static final String ROLE_SEARCH_A = "member={0}";
private static final String ROLE_SEARCH_B = "member=cn={1},ou=people,dc=example,dc=com";

private static InMemoryDirectoryServer ldapServer;

@Parameterized.Parameters(name = "{index}: user[{3}], pwd[{4}]")
public static Collection<Object[]> parameters() {
List<Object[]> parameterSets = new ArrayList<>();
addUsers(USER_PATTERN, null, null, parameterSets);
addUsers(null, USER_SEARCH, USER_BASE, parameterSets);
for (String roleSearch : new String[] { ROLE_SEARCH_A, ROLE_SEARCH_B }) {
addUsers(USER_PATTERN, null, null, roleSearch, parameterSets);
addUsers(null, USER_SEARCH, USER_BASE, roleSearch, parameterSets);
}
return parameterSets;
}


private static void addUsers(String userPattern, String userSearch, String userBase, List<Object[]> parameterSets) {
parameterSets.add(new Object[] { userPattern, userSearch, userBase,
private static void addUsers(String userPattern, String userSearch, String userBase, String roleSearch,
List<Object[]> parameterSets) {
parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
"test", "test", new String[] {"TestGroup"} });
parameterSets.add(new Object[] { userPattern, userSearch, userBase,
parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
"t;", "test", new String[] {"TestGroup"} });
parameterSets.add(new Object[] { userPattern, userSearch, userBase,
parameterSets.add(new Object[] { userPattern, userSearch, userBase, roleSearch,
"t*", "test", new String[] {"TestGroup"} });
}

Expand All @@ -75,10 +80,12 @@ private static void addUsers(String userPattern, String userSearch, String userB
@Parameter(2)
public String realmConfigUserBase;
@Parameter(3)
public String username;
public String realmConfigRoleSearch;
@Parameter(4)
public String credentials;
public String username;
@Parameter(5)
public String credentials;
@Parameter(6)
public String[] groups;

@Test
Expand All @@ -90,9 +97,10 @@ public void testAuthenication() throws Exception {
realm.setUserPattern(realmConfigUserPattern);
realm.setUserSearch(realmConfigUserSearch);
realm.setUserBase(realmConfigUserBase);
realm.setUserRoleAttribute("cn");
realm.setRoleName("cn");
realm.setRoleBase("ou=people,dc=example,dc=com");
realm.setRoleSearch("member={0}");
realm.setRoleSearch(realmConfigRoleSearch);

GenericPrincipal p = (GenericPrincipal) realm.authenticate(username, credentials);

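Review bot: Neither `ROLE_SEARCH_A` nor `ROLE_SEARCH_B` references `{2}`, so the `realm.setUserRoleAttribute("cn")` call in the last hunk sets a value that no role filter consumes, and the third format argument in getRoles() is not exercised. A third pattern such as `private static final String ROLE_SEARCH_C = "member=cn={2},ou=people,dc=example,dc=com";` added to the array in `parameters()` would cover it, assuming the fixture entries' `cn` equals the login name. The user names cover only `;` and `*`; cases containing `(`, `)` and `\` would pin the rest of the filter escaping, provided the in-memory directory entries (set up outside these hunks) are extended to match.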
