
SEC-1117: Moved check for empty password from LdapAuthenticationProvider to BindAuthenticator to allow use with Ntlm.

Luke Taylor 16 jaren geleden
bovenliggende
commit
c7baeab172

+ 7 - 0
ldap/src/main/java/org/springframework/security/ldap/authentication/BindAuthenticator.java

@@ -30,6 +30,7 @@ import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 
 
 /**
@@ -68,6 +69,12 @@ public class BindAuthenticator extends AbstractLdapAuthenticator {
         String username = authentication.getName();
         String password = (String)authentication.getCredentials();
 
+        if (!StringUtils.hasLength(password)) {
+            logger.debug("Rejecting empty password for user " + username);
+            throw new BadCredentialsException(messages.getMessage("LdapAuthenticationProvider.emptyPassword",
+                    "Empty Password"));
+        }
+
         // If DN patterns are configured, try authenticating with them directly
         for (String dn : getUserDns(username)) {
             user = bindWithDn(dn, username, password);
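Review bot: The empty-password guard now exists only in `BindAuthenticator.authenticate`, because the same commit deletes the matching check from `LdapAuthenticationProvider`, so any other `LdapAuthenticator` plugged into the provider must reject empty passwords itself. Many directory servers treat a simple bind with an empty password as an anonymous bind and report success, so a bind-based authenticator without this check could accept any known username. I would state the reason above the `if`, e.g. `// An empty password makes a simple bind anonymous on many servers; refuse it before binding.`, and document the same requirement on the `LdapAuthenticator` contract. Two smaller points: the message key is still `LdapAuthenticationProvider.emptyPassword` although the check now lives here, and `username` is caller-supplied text concatenated straight into the debug log line. The body of `authenticate` starts and ends outside this hunk.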

+ 0 - 6
ldap/src/main/java/org/springframework/security/ldap/authentication/LdapAuthenticationProvider.java

@@ -246,12 +246,6 @@ public class LdapAuthenticationProvider implements AuthenticationProvider, Messa
         String password = (String) authentication.getCredentials();
         Assert.notNull(password, "Null password was supplied in authentication token");
 
-        if (password.length() == 0) {
-            logger.debug("Rejecting empty password for user " + username);
-            throw new BadCredentialsException(messages.getMessage("LdapAuthenticationProvider.emptyPassword",
-                    "Empty Password"));
-        }
-
         try {
             DirContextOperations userData = getAuthenticator().authenticate(authentication);
 

+ 11 - 8
ldap/src/test/java/org/springframework/security/ldap/authentication/BindAuthenticatorTests.java

@@ -15,19 +15,17 @@
 
 package org.springframework.security.ldap.authentication;
 
+import static org.junit.Assert.*;
+
+import org.junit.Test;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.ldap.core.DistinguishedName;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.ldap.AbstractLdapIntegrationTests;
-import org.springframework.security.ldap.authentication.BindAuthenticator;
-import org.springframework.ldap.core.DirContextAdapter;
-import org.springframework.ldap.core.DirContextOperations;
-import org.springframework.ldap.core.DistinguishedName;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-import org.junit.Test;
 
 /**
  * Tests for {@link BindAuthenticator}.
@@ -53,6 +51,11 @@ public class BindAuthenticatorTests extends AbstractLdapIntegrationTests {
 
     }
 
+    @Test(expected=BadCredentialsException.class)
+    public void emptyPasswordIsRejected() {
+        authenticator.authenticate(new UsernamePasswordAuthenticationToken("jen", ""));
+    }
+
     @Test
     public void testAuthenticationWithCorrectPasswordSucceeds() {
         authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});
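Review bot: `emptyPasswordIsRejected` sets no DN pattern or user search inside the test, so unless the fixture setup (outside this hunk) does, `authenticate` may throw `BadCredentialsException` simply because no user could be bound. In that case the test would still pass if the new guard were removed. Configuring a pattern first, `authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});` as the following test does, makes the empty-password check the only reason for the rejection. A second case with a `null` credential would also pin the `StringUtils.hasLength` behaviour.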

+ 0 - 6
ldap/src/test/java/org/springframework/security/ldap/authentication/LdapAuthenticationProviderTests.java

@@ -82,12 +82,6 @@ public class LdapAuthenticationProviderTests {
         } catch (BadCredentialsException expected) {}
     }
 
-    @Test(expected=BadCredentialsException.class)
-    public void emptyPasswordIsRejected() {
-        LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator());
-        ldapProvider.authenticate(new UsernamePasswordAuthenticationToken("jen", ""));
-    }
-
     @Test(expected=BadCredentialsException.class)
     public void usernameNotFoundExceptionIsHiddenByDefault() {
         final LdapAuthenticator authenticator = jmock.mock(LdapAuthenticator.class);