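/**
 * Collects the roles of {@code user} by searching {@code rolesCtxDN} and, for each matching entry,
 * reading its {@code roleAttributeID} values. When nesting is enabled the search is repeated with the
 * matched entry's DN as the {@code member} value, up to {@code recursionMax} levels deep.
 *
 * @param ctx the context to search from
 * @param constraints the search controls applied to every search
 * @param user the input username; on the first level it is available to {@code roleFilter} as
 *        filter argument {0}
 * @param previousRoleDn {@code null} on the first level; on nested levels the DN of the entry whose
 *        members are being searched
 * @param recursionMax the maximum nesting depth
 * @param nesting the current nesting depth (the first call passes 0)
 * @param roleGroup the group the discovered roles are added to
 * @throws NamingException if the search or an attribute lookup on a matched entry fails
 */
protected void rolesSearch(InitialLdapContext ctx, SearchControls constraints, String user, String previousRoleDn,
      int recursionMax, int nesting, RoleGroup roleGroup) throws NamingException
{
   // The nested-level filter used to be built by concatenation ("member=" + previousRoleDn). A DN is
   // directory-controlled data and may legitimately contain filter metacharacters ('(', ')', '*', '\');
   // passing it as a filter argument lets JNDI escape it (RFC 4515) instead of letting it change the
   // filter's structure.
   String searchFilter;
   Object[] filterArgs;
   if (previousRoleDn == null)
   {
      searchFilter = roleFilter;
      filterArgs = new Object[] {user};
   }
   else
   {
      searchFilter = "(member={0})";
      filterArgs = new Object[] {previousRoleDn};
   }
   NamingEnumeration<SearchResult> results = ctx.search(rolesCtxDN, searchFilter, filterArgs, constraints);
   try
   {
      while (results.hasMore())
      {
         SearchResult sr = results.next();
         String dn = canonicalize(sr.getName());
         // Query the context for the roleDN values
         String[] attrNames = {roleAttributeID};
         Attributes result = ctx.getAttributes(dn, attrNames);
         // A non-empty result does not guarantee the requested attribute is present (a server may return
         // other attributes); guard the lookup instead of dereferencing a possibly null Attribute.
         Attribute roles = result != null ? result.get(roleAttributeID) : null;
         if (roles != null)
         {
            for (int n = 0; n < roles.size(); n++)
            {
               String roleName = (String) roles.get(n);
               if (roleAttributeIsDN && parseRoleNameFromDN)
               {
                  parseRole(roleName, roleGroup);
               }
               else if (roleAttributeIsDN)
               {
                  // Query the roleDN location for the value of roleNameAttributeID
                  followRoleDN(ctx, roleName, roleGroup);
               }
               else
               {
                  // The role attribute value is the role name
                  addRole(roleName, roleGroup);
               }
            }
         }
         if (nesting < recursionMax)
         {
            rolesSearch(ctx, constraints, user, dn, recursionMax, nesting + 1, roleGroup);
         }
      }
   }
   finally
   {
      results.close();
   }
}

/**
 * Reads the {@code roleNameAttributeID} values of the entry at {@code roleDN} and adds each one as a role.
 * A failed lookup is logged at debug level and otherwise ignored, keeping the previous best-effort behaviour.
 *
 * @param ctx the context used for the attribute lookup
 * @param roleDN the DN of the entry holding the role name(s)
 * @param roleGroup the group the role names are added to
 */
private void followRoleDN(InitialLdapContext ctx, String roleDN, RoleGroup roleGroup)
{
   String[] returnAttribute = {roleNameAttributeID};
   PicketBoxLogger.LOGGER.traceFollowRoleDN(roleDN);
   try
   {
      Attributes result2 = ctx.getAttributes(roleDN, returnAttribute);
      Attribute roles2 = result2.get(roleNameAttributeID);
      if (roles2 != null)
      {
         for (int m = 0; m < roles2.size(); m++)
         {
            addRole((String) roles2.get(m), roleGroup);
         }
      }
   }
   catch (NamingException e)
   {
      PicketBoxLogger.LOGGER.debugFailureToQueryLDAPAttribute(roleNameAttributeID, roleDN, e);
   }
}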
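/**
 * Authenticates {@code user} by locating its entry under {@code baseDN} with {@code filter} and then
 * binding to the directory as that entry with {@code credential}.
 *
 * @param ctx the context to search from
 * @param user the input username, available to {@code filter} as filter argument {0}
 * @param credential the bind credential
 * @param baseDN base DN to search the ctx from
 * @param filter the search filter string
 * @return the userDN string for the successful authentication
 * @throws NamingException if the search fails, no entry matches, the match is a non-relative referral,
 *         or the bind as the user fails
 */
protected String bindDNAuthentication(InitialLdapContext ctx, String user, Object credential, String baseDN,
      String filter) throws NamingException
{
   SearchControls constraints = new SearchControls();
   constraints.setSearchScope(searchScope);
   constraints.setTimeLimit(searchTimeLimit);
   String[] attrList = {distinguishedNameAttribute};
   constraints.setReturningAttributes(attrList);
   Object[] filterArgs = {user};
   NamingEnumeration<SearchResult> results = ctx.search(baseDN, filter, filterArgs, constraints);
   String userDN;
   try
   {
      if (!results.hasMore())
      {
         throw PicketBoxMessages.MESSAGES.failedToFindBaseContextDN(baseDN);
      }
      // Only the first match is used. NOTE(review): a filter that matches several entries silently
      // authenticates against whichever one the server returns first — confirm callers constrain
      // the filter to a unique attribute.
      SearchResult sr = results.next();
      String name = sr.getName();
      userDN = distinguishedNameOf(sr);
      if (userDN == null)
      {
         if (sr.isRelative())
         {
            userDN = name + ("".equals(baseDN) ? "" : "," + baseDN);
         }
         else
         {
            throw PicketBoxMessages.MESSAGES.unableToFollowReferralForAuth(name);
         }
      }
   }
   finally
   {
      // Release the enumeration on every path; the original closed it only on the two normal paths,
      // leaking it when next()/getAttributes() threw.
      results.close();
   }
   // Bind as the user dn to authenticate the user.
   // NOTE(review): the credential is passed through unchecked; confirm the caller rejects an empty
   // password, since many directories treat a simple bind with a DN and an empty password as an
   // anonymous bind that succeeds.
   InitialLdapContext userCtx = constructInitialLdapContext(userDN, credential);
   userCtx.close();
   return userDN;
}

/**
 * Returns the value of {@code distinguishedNameAttribute} carried by the search result, or {@code null}
 * when the result has no attributes or does not carry that attribute.
 *
 * @param sr the search result to read
 * @throws NamingException if the attribute value cannot be read
 */
private String distinguishedNameOf(SearchResult sr) throws NamingException
{
   Attributes attrs = sr.getAttributes();
   if (attrs == null)
   {
      return null;
   }
   Attribute dn = attrs.get(distinguishedNameAttribute);
   return dn == null ? null : (String) dn.get();
}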
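/**
 * Authenticates {@code user} by locating its entry in the subtree under {@code baseDN} with
 * {@code filter} and then binding to the directory as that entry with {@code credential}.
 *
 * @param ctx the context to search from
 * @param user the input username, available to {@code filter} as filter argument {0}
 * @param credential the bind credential
 * @param baseDN base DN to search the ctx from
 * @param filter the search filter string
 * @return the userDN string for the successful authentication
 * @throws NamingException if the search fails, no entry matches, the match is a non-relative referral,
 *         or the bind as the user fails
 */
protected String bindDNAuthentication(InitialLdapContext ctx, String user, Object credential, String baseDN,
      String filter) throws NamingException
{
   SearchControls constraints = new SearchControls();
   constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
   constraints.setTimeLimit(searchTimeLimit);
   String[] attrList = {distinguishedNameAttribute};
   constraints.setReturningAttributes(attrList);
   Object[] filterArgs = {user};
   // The search overloads return NamingEnumeration<SearchResult>, so the raw type, the rawtypes
   // suppression and the cast on next() are unnecessary.
   NamingEnumeration<SearchResult> results = ctx.search(baseDN, filter, filterArgs, constraints);
   String userDN = null;
   try
   {
      if (!results.hasMore())
      {
         throw PicketBoxMessages.MESSAGES.failedToFindBaseContextDN(baseDN);
      }
      // Only the first match is used. NOTE(review): a filter that matches several entries silently
      // authenticates against whichever one the server returns first — confirm callers constrain
      // the filter to a unique attribute.
      SearchResult sr = results.next();
      String name = sr.getName();
      Attributes attrs = sr.getAttributes();
      if (attrs != null)
      {
         Attribute dn = attrs.get(distinguishedNameAttribute);
         if (dn != null)
         {
            userDN = (String) dn.get();
         }
      }
      if (userDN == null)
      {
         if (sr.isRelative())
         {
            userDN = name + ("".equals(baseDN) ? "" : "," + baseDN);
         }
         else
         {
            throw PicketBoxMessages.MESSAGES.unableToFollowReferralForAuth(name);
         }
      }
   }
   finally
   {
      // Release the enumeration on every path; the original closed it only on the two normal paths,
      // leaking it when next()/getAttributes() threw.
      safeClose(results);
   }
   // Bind as the user dn to authenticate the user.
   // NOTE(review): the credential is passed through unchecked; confirm the caller rejects an empty
   // password, since many directories treat a simple bind with a DN and an empty password as an
   // anonymous bind that succeeds.
   InitialLdapContext userCtx = constructInitialLdapContext(userDN, credential);
   safeClose(userCtx);
   return userDN;
}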
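/** Base of the people subtree every example search below is rooted at. */
private static final String PEOPLE_BASE = "dc=People,dc=example,dc=com";

/** Filter whose single argument is substituted, escaped, for {@code {0}} by JNDI. */
private static final String UID_FILTER = "(uid={0})";

/**
 * Issues the same {@code uid} lookup against directory contexts held under several static types
 * (interface and class), with the user-supplied value passed as a filter argument rather than
 * concatenated into the filter string.
 *
 * <p>The original built {@code "(uid=" + input + ")"} by concatenation; a value containing filter
 * metacharacters ('(', ')', '*', '\') could then change the structure of the filter (LDAP injection).
 * Filter arguments are escaped by JNDI (RFC 4515), so the value is only ever compared as a literal.
 *
 * @param input the user-supplied uid value to look up
 * @throws NamingException if a context cannot be created, a search fails, or a context cannot be closed
 */
public static void moreLdapInjections(String input) throws NamingException {
    // Stub environment shared by every example context.
    Properties props = new Properties();
    props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    props.put(Context.PROVIDER_URL, "ldap://ldap.example.com");
    props.put(Context.REFERRAL, "ignore");
    SearchControls ctrls = new SearchControls();
    ctrls.setReturningAttributes(new String[]{"givenName", "sn"});
    ctrls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    // Various context instances stored under various static types (class or interface). The ldap
    // contexts now get the same stub environment; the no-arg constructor would fall back to system
    // properties / jndi.properties instead.
    DirContext context1 = new InitialDirContext(props);
    InitialDirContext context2 = new InitialDirContext(props);
    InitialLdapContext context3 = new InitialLdapContext(props, null);
    LdapContext context4 = new InitialLdapContext(props, null);
    try {
        Object[] filterArgs = {input};
        searchPeople(context1, UID_FILTER, filterArgs, ctrls);
        searchPeople(context2, UID_FILTER, filterArgs, ctrls);
        searchPeople(context3, UID_FILTER, filterArgs, ctrls);
        searchPeople(context4, UID_FILTER, filterArgs, ctrls);
        // Constant filter with no untrusted data (kept from the original "false positive" cases).
        searchPeople(context1, "(uid=bob)", new Object[0], ctrls);
    } finally {
        // The original never closed the contexts or the result enumerations.
        closeContexts(context1, context2, context3, context4);
    }
}

/**
 * Runs {@code filter} under the people base, once with a parsed {@link LdapName} and once with the
 * string form, closing each result enumeration.
 *
 * @param ctx the context to search
 * @param filter the filter expression; {@code {0}} refers to {@code filterArgs[0]}
 * @param filterArgs the arguments substituted into the filter
 * @param ctrls the search controls
 * @throws NamingException if the base name is invalid or a search fails
 */
private static void searchPeople(DirContext ctx, String filter, Object[] filterArgs, SearchControls ctrls)
        throws NamingException {
    NamingEnumeration<SearchResult> answers = ctx.search(new LdapName(PEOPLE_BASE), filter, filterArgs, ctrls);
    answers.close();
    answers = ctx.search(PEOPLE_BASE, filter, filterArgs, ctrls);
    answers.close();
}

/**
 * Closes every given context, continuing past failures; the first failure is rethrown afterwards with
 * the others attached as suppressed exceptions.
 *
 * @param contexts the contexts to close
 * @throws NamingException if closing any context failed
 */
private static void closeContexts(Context... contexts) throws NamingException {
    NamingException first = null;
    for (Context c : contexts) {
        try {
            c.close();
        } catch (NamingException e) {
            if (first == null) {
                first = e;
            } else {
                first.addSuppressed(e);
            }
        }
    }
    if (first != null) {
        throw first;
    }
}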