Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.2, 2.1.3
    • Fix Version/s: 2.2.0
    • Component/s: Security
    • Labels:
      None

      Description

      There is an validator for username in
      org.apache.jetspeed.security.spi.impl.ldap.AbstractLdapDao.validateUid(String)

      I need to login with username: name.surname but in the method there is a pattern for validating which contains dot.

      String pattern = ".\\(.|.\\[.|.\\{.|.\\\\.|.\\^.|.\\$.|.\\|.|.\\).|.\\?.|.\\*.|.\\+.|.
      ..
      ";

      It is possible to externalize this string to a configuration file?

        Activity

        Transition Time In Source Status Execution Times Last Executer Last Execution Date
        Open Open Resolved Resolved
        301d 2h 31m 1 Vivek Kumar 26/Sep/08 14:20
        Resolved Resolved Closed Closed
        1103d 7h 47m 1 Ate Douma 04/Oct/11 22:08
        Ate Douma made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Vivek Kumar made changes -
        Fix Version/s 2.2 [ 12312318 ]
        Resolution Fixed [ 1 ]
        Status Open [ 1 ] Resolved [ 5 ]
        Hide
        Vivek Kumar added a comment -

        This issue is fixed with new security API's

        Show
        Vivek Kumar added a comment - This issue is fixed with new security API's
        Vivek Kumar made changes -
        Field Original Value New Value
        Assignee Vivek Kumar [ firevelocity ]
        Hide
        Martin Petras added a comment -

        Sorry for responding so late.

        In my opinion is the best solution to add a property to Jetspeed.properties:
        security.user.validating.regex=.\\(.|.\\[.|.\\{.|.\\\\.|.\\^.|.\\$.|.\\|.|.\\).|.\\?.|.\\*.|.\\+.|.
        ..

        and then change method org.apache.jetspeed.security.spi.impl.ldap.AbstractLdapDao.validateUid(String)
        by replacing line
        String pattern = ".\\(.|.\\[.|.\\{.|.\\\\.|.\\^.|.\\$.|.\\|.|.\\).|.\\?.|.\\*.|.\\+.|.
        ..
        ";
        with
        String pattern = Jetspeed.getConfiguration().getString("security.user.validating.regex", ".\\(.|.\\[.|.\\{.|.\\\\.|.\\^.|.\\$.|.\\|.|.\\).|.\\?.|.\\*.|.\\+.|.
        ..
        ");

        I've checked it, it works well. Please apply this patch.

        Show
        Martin Petras added a comment - Sorry for responding so late. In my opinion is the best solution to add a property to Jetspeed.properties: security.user.validating.regex=. \\(. |. \\[. |. \\{. |. \\\\. |. \\^. |. \\$. |. \\|. |. \\). |. \\?. |. \\*. |. \\+. |. .. and then change method org.apache.jetspeed.security.spi.impl.ldap.AbstractLdapDao.validateUid(String) by replacing line String pattern = ". \\(. |. \\[. |. \\{. |. \\\\. |. \\^. |. \\$. |. \\|. |. \\). |. \\?. |. \\*. |. \\+. |. .. "; with String pattern = Jetspeed.getConfiguration().getString("security.user.validating.regex", ". \\(. |. \\[. |. \\{. |. \\\\. |. \\^. |. \\$. |. \\|. |. \\). |. \\?. |. \\*. |. \\+. |. .. "); I've checked it, it works well. Please apply this patch.
        Hide
        David Sean Taylor added a comment -

        Yes, we can override with a configurable setting, add another value to the constructor
        We are pretty close to releasing here and I think it may be better to wait
        I really don't like this constructor with 36 values, I think there must be a better way like properties?
        Everytime I want to add a property I have to find all places where the constructor is used

        IF you really want to this change to go in, send an email directly to the jetspeed-dev mailing list and call for a vote on it
        I can do it, I just want to make sure I don't destabilize things and we are all busy trying to get the release out

        Show
        David Sean Taylor added a comment - Yes, we can override with a configurable setting, add another value to the constructor We are pretty close to releasing here and I think it may be better to wait I really don't like this constructor with 36 values, I think there must be a better way like properties? Everytime I want to add a property I have to find all places where the constructor is used IF you really want to this change to go in, send an email directly to the jetspeed-dev mailing list and call for a vote on it I can do it, I just want to make sure I don't destabilize things and we are all busy trying to get the release out
        Martin Petras created issue -

          People

          • Assignee:
            Vivek Kumar
            Reporter:
            Martin Petras
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development