Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.2, 2.1.3
    • Fix Version/s: 2.2.0
    • Component/s: Security
    • Labels:
      None

      Description

      There is an validator for username in
      org.apache.jetspeed.security.spi.impl.ldap.AbstractLdapDao.validateUid(String)

      I need to login with username: name.surname but in the method there is a pattern for validating which contains dot.

      String pattern = ".\\(.|.\\[.|.\\{.|.\\\\.|.\\^.|.\\$.|.\\|.|.\\).|.\\?.|.\\*.|.\\+.|.
      ..
      ";

      It is possible to externalize this string to a configuration file?

        Activity

        Hide
        Vivek Kumar added a comment -

        This issue is fixed with new security API's

        Show
        Vivek Kumar added a comment - This issue is fixed with new security API's
        Hide
        Martin Petras added a comment -

        Sorry for responding so late.

        In my opinion is the best solution to add a property to Jetspeed.properties:
        security.user.validating.regex=.\\(.|.\\[.|.\\{.|.\\\\.|.\\^.|.\\$.|.\\|.|.\\).|.\\?.|.\\*.|.\\+.|.
        ..

        and then change method org.apache.jetspeed.security.spi.impl.ldap.AbstractLdapDao.validateUid(String)
        by replacing line
        String pattern = ".\\(.|.\\[.|.\\{.|.\\\\.|.\\^.|.\\$.|.\\|.|.\\).|.\\?.|.\\*.|.\\+.|.
        ..
        ";
        with
        String pattern = Jetspeed.getConfiguration().getString("security.user.validating.regex", ".\\(.|.\\[.|.\\{.|.\\\\.|.\\^.|.\\$.|.\\|.|.\\).|.\\?.|.\\*.|.\\+.|.
        ..
        ");

        I've checked it, it works well. Please apply this patch.

        Show
        Martin Petras added a comment - Sorry for responding so late. In my opinion is the best solution to add a property to Jetspeed.properties: security.user.validating.regex=. \\(. |. \\[. |. \\{. |. \\\\. |. \\^. |. \\$. |. \\|. |. \\). |. \\?. |. \\*. |. \\+. |. .. and then change method org.apache.jetspeed.security.spi.impl.ldap.AbstractLdapDao.validateUid(String) by replacing line String pattern = ". \\(. |. \\[. |. \\{. |. \\\\. |. \\^. |. \\$. |. \\|. |. \\). |. \\?. |. \\*. |. \\+. |. .. "; with String pattern = Jetspeed.getConfiguration().getString("security.user.validating.regex", ". \\(. |. \\[. |. \\{. |. \\\\. |. \\^. |. \\$. |. \\|. |. \\). |. \\?. |. \\*. |. \\+. |. .. "); I've checked it, it works well. Please apply this patch.
        Hide
        David Sean Taylor added a comment -

        Yes, we can override with a configurable setting, add another value to the constructor
        We are pretty close to releasing here and I think it may be better to wait
        I really don't like this constructor with 36 values, I think there must be a better way like properties?
        Everytime I want to add a property I have to find all places where the constructor is used

        IF you really want to this change to go in, send an email directly to the jetspeed-dev mailing list and call for a vote on it
        I can do it, I just want to make sure I don't destabilize things and we are all busy trying to get the release out

        Show
        David Sean Taylor added a comment - Yes, we can override with a configurable setting, add another value to the constructor We are pretty close to releasing here and I think it may be better to wait I really don't like this constructor with 36 values, I think there must be a better way like properties? Everytime I want to add a property I have to find all places where the constructor is used IF you really want to this change to go in, send an email directly to the jetspeed-dev mailing list and call for a vote on it I can do it, I just want to make sure I don't destabilize things and we are all busy trying to get the release out

          People

          • Assignee:
            Vivek Kumar
            Reporter:
            Martin Petras
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development