Le 09/02/2017 à 01:59, Shawn McKinney a écrit :
>> On Feb 8, 2017, at 8:01 AM, Chris Pike <[email protected]> wrote:
>>
>> Ran into an issue yesterday where a role name had parenthesis in the name,
>> and this messed up the fortress ldap filter when getting permissions for a
>> user through the access manager. It appears filter params aren't being
>> property escaped. Not sure if it is specific to this case or is present in
>> other places as well. Thoughts?
> Hi Chris,
>
> what is the error you receive?
In any case, you have two ways to build a filter :
- use a String, and parse it
- use the LDAP API filter Node elements (like EqualityNode), and get the
resulting String
In the first case, each Filter element's value has to be encoded so that
it's not going to interact with the filtre structure (ie, every '(' and
')' have to be escaped, and a few more chars too).
This can be done using FilterEncoder.encodeFilterValue( String value )
static method, which returns an encoded value.
For instance, if you want to create a filter for a equality on the 'cn'
AttributeType, with a value of "ACME(tm)", which resulting filter is
"(cn=ACME\\28tm\\29)", do that :
String filterStr = String.format( "(%s=%s)", "cn",
FilterEncoder.encodeFilterValue( "ACME(tm)" ) );
or
String filterStr = new EqualityNode<>( "cn", new StringValue(
"ACME(tm)" ) ).toString();
Both resulting filterStr will be valid (ie the "(cn=ACME\\28tm\\29)"
String )
--
Emmanuel Lecharny
Symas.com
directory.apache.org
