mirrors
/
gitblit
mirror of https://github.com/gitblit/gitblit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 43 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1533 Commits
11 Branches
Tree: db4f6b5740
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'db4f6b5740'
${ noResults }
gitblit/src/main/java/com/gitblit/LdapUserService.java

LdapUserService.java 19KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531 
  1. /*

  2.  * Copyright 2012 John Crygier

  3.  * Copyright 2012 gitblit.com

  4.  *

  5.  * Licensed under the Apache License, Version 2.0 (the "License");

  6.  * you may not use this file except in compliance with the License.

  7.  * You may obtain a copy of the License at

  8.  *

  9.  *     http://www.apache.org/licenses/LICENSE-2.0

  10.  *

  11.  * Unless required by applicable law or agreed to in writing, software

  12.  * distributed under the License is distributed on an "AS IS" BASIS,

  13.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  14.  * See the License for the specific language governing permissions and

  15.  * limitations under the License.

  16.  */

  17. package com.gitblit;

  18. 

  19. import java.io.File;

  20. import java.net.URI;

  21. import java.net.URISyntaxException;

  22. import java.security.GeneralSecurityException;

  23. import java.util.Arrays;

  24. import java.util.HashMap;

  25. import java.util.List;

  26. import java.util.Map;

  27. import java.util.concurrent.TimeUnit;

  28. import java.util.concurrent.atomic.AtomicLong;

  29. 

  30. import org.slf4j.Logger;

  31. import org.slf4j.LoggerFactory;

  32. 

  33. import com.gitblit.Constants.AccountType;

  34. import com.gitblit.manager.IRuntimeManager;

  35. import com.gitblit.models.TeamModel;

  36. import com.gitblit.models.UserModel;

  37. import com.gitblit.utils.ArrayUtils;

  38. import com.gitblit.utils.StringUtils;

  39. import com.unboundid.ldap.sdk.Attribute;

  40. import com.unboundid.ldap.sdk.DereferencePolicy;

  41. import com.unboundid.ldap.sdk.ExtendedResult;

  42. import com.unboundid.ldap.sdk.LDAPConnection;

  43. import com.unboundid.ldap.sdk.LDAPException;

  44. import com.unboundid.ldap.sdk.LDAPSearchException;

  45. import com.unboundid.ldap.sdk.ResultCode;

  46. import com.unboundid.ldap.sdk.SearchRequest;

  47. import com.unboundid.ldap.sdk.SearchResult;

  48. import com.unboundid.ldap.sdk.SearchResultEntry;

  49. import com.unboundid.ldap.sdk.SearchScope;

  50. import com.unboundid.ldap.sdk.SimpleBindRequest;

  51. import com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest;

  52. import com.unboundid.util.ssl.SSLUtil;

  53. import com.unboundid.util.ssl.TrustAllTrustManager;

  54. 

  55. /**

  56.  * Implementation of an LDAP user service.

  57.  *

  58.  * @author John Crygier

  59.  */

  60. public class LdapUserService extends GitblitUserService {

  61. 

  62. 	public static final Logger logger = LoggerFactory.getLogger(LdapUserService.class);

  63. 

  64. 	private IStoredSettings settings;

  65.     private AtomicLong lastLdapUserSync = new AtomicLong(0L);

  66. 

  67. 	public LdapUserService() {

  68. 		super();

  69. 	}

  70. 

  71.  	private long getSynchronizationPeriod() {

  72.         final String cacheDuration = settings.getString(Keys.realm.ldap.ldapCachePeriod, "2 MINUTES");

  73.         try {

  74.             final String[] s = cacheDuration.split(" ", 2);

  75.             long duration = Long.parseLong(s[0]);

  76.             TimeUnit timeUnit = TimeUnit.valueOf(s[1]);

  77.             return timeUnit.toMillis(duration);

  78.         } catch (RuntimeException ex) {

  79.             throw new IllegalArgumentException(Keys.realm.ldap.ldapCachePeriod + " must have format '<long> <TimeUnit>' where <TimeUnit> is one of 'MILLISECONDS', 'SECONDS', 'MINUTES', 'HOURS', 'DAYS'");

  80.         }

  81.     }

  82. 

  83. 	@Override

  84. 	public void setup(IStoredSettings settings) {

  85. 		this.settings = settings;

  86. 		String file = settings.getString(Keys.realm.ldap.backingUserService, "${baseFolder}/users.conf");

  87. 		IRuntimeManager runtimeManager = GitBlit.getManager(IRuntimeManager.class);

  88. 		File realmFile = runtimeManager.getFileOrFolder(file);

  89. 

  90. 		serviceImpl = createUserService(realmFile);

  91. 		logger.info("LDAP User Service backed by " + serviceImpl.toString());

  92. 

  93. 		synchronizeLdapUsers();

  94. 	}

  95. 

  96. 	protected synchronized void synchronizeLdapUsers() {

  97.         final boolean enabled = settings.getBoolean(Keys.realm.ldap.synchronizeUsers.enable, false);

  98.         if (enabled) {

  99.             if (System.currentTimeMillis() > (lastLdapUserSync.get() + getSynchronizationPeriod())) {

  100.             	logger.info("Synchronizing with LDAP @ " + settings.getRequiredString(Keys.realm.ldap.server));

  101.                 final boolean deleteRemovedLdapUsers = settings.getBoolean(Keys.realm.ldap.synchronizeUsers.removeDeleted, true);

  102.                 LDAPConnection ldapConnection = getLdapConnection();

  103.                 if (ldapConnection != null) {

  104.                     try {

  105.                         String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");

  106.                         String uidAttribute = settings.getString(Keys.realm.ldap.uid, "uid");

  107.                         String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");

  108.                         accountPattern = StringUtils.replace(accountPattern, "${username}", "*");

  109. 

  110.                         SearchResult result = doSearch(ldapConnection, accountBase, accountPattern);

  111.                         if (result != null && result.getEntryCount() > 0) {

  112.                             final Map<String, UserModel> ldapUsers = new HashMap<String, UserModel>();

  113. 

  114.                             for (SearchResultEntry loggingInUser : result.getSearchEntries()) {

  115. 

  116.                                 final String username = loggingInUser.getAttribute(uidAttribute).getValue();

  117.                                 logger.debug("LDAP synchronizing: " + username);

  118. 

  119.                                 UserModel user = getUserModel(username);

  120.                                 if (user == null) {

  121.                                     user = new UserModel(username);

  122.                                 }

  123. 

  124.                                 if (!supportsTeamMembershipChanges())

  125.                                     getTeamsFromLdap(ldapConnection, username, loggingInUser, user);

  126. 

  127.                                 // Get User Attributes

  128.                                 setUserAttributes(user, loggingInUser);

  129. 

  130.                                 // store in map

  131.                                 ldapUsers.put(username.toLowerCase(), user);

  132.                             }

  133. 

  134.                             if (deleteRemovedLdapUsers) {

  135.                                 logger.debug("detecting removed LDAP users...");

  136. 

  137.                                 for (UserModel userModel : super.getAllUsers()) {

  138.                                     if (Constants.EXTERNAL_ACCOUNT.equals(userModel.password)) {

  139.                                         if (! ldapUsers.containsKey(userModel.username)) {

  140.                                             logger.info("deleting removed LDAP user " + userModel.username + " from backing user service");

  141.                                             super.deleteUser(userModel.username);

  142.                                         }

  143.                                     }

  144.                                 }

  145.                             }

  146. 

  147.                             super.updateUserModels(ldapUsers.values());

  148. 

  149.                             if (!supportsTeamMembershipChanges()) {

  150.                                 final Map<String, TeamModel> userTeams = new HashMap<String, TeamModel>();

  151.                                 for (UserModel user : ldapUsers.values()) {

  152.                                     for (TeamModel userTeam : user.teams) {

  153.                                         userTeams.put(userTeam.name, userTeam);

  154.                                     }

  155.                                 }

  156.                                 updateTeamModels(userTeams.values());

  157.                             }

  158.                         }

  159.                         lastLdapUserSync.set(System.currentTimeMillis());

  160.                     } finally {

  161.                         ldapConnection.close();

  162.                     }

  163.                 }

  164.             }

  165.         }

  166.     }

  167. 

  168. 	private LDAPConnection getLdapConnection() {

  169. 		try {

  170. 			

  171. 			URI ldapUrl = new URI(settings.getRequiredString(Keys.realm.ldap.server));

  172. 			String ldapHost = ldapUrl.getHost();

  173. 			int ldapPort = ldapUrl.getPort();

  174. 			String bindUserName = settings.getString(Keys.realm.ldap.username, "");

  175. 			String bindPassword = settings.getString(Keys.realm.ldap.password, "");

  176. 

  177. 			

  178. 			LDAPConnection conn;

  179. 			if (ldapUrl.getScheme().equalsIgnoreCase("ldaps")) {	// SSL

  180. 				SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());

  181. 				conn = new LDAPConnection(sslUtil.createSSLSocketFactory());

  182. 			} else if (ldapUrl.getScheme().equalsIgnoreCase("ldap") || ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {	// no encryption or StartTLS

  183. 				conn = new LDAPConnection();

  184. 			} else {

  185. 				logger.error("Unsupported LDAP URL scheme: " + ldapUrl.getScheme());

  186. 				return null;

  187. 			}

  188. 			

  189. 			conn.connect(ldapHost, ldapPort);

  190. 			

  191. 			if (ldapUrl.getScheme().equalsIgnoreCase("ldap+tls")) {

  192. 				SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());

  193. 				ExtendedResult extendedResult = conn.processExtendedOperation(

  194. 						new StartTLSExtendedRequest(sslUtil.createSSLContext()));

  195. 				if (extendedResult.getResultCode() != ResultCode.SUCCESS) {

  196. 					throw new LDAPException(extendedResult.getResultCode());

  197. 				}

  198. 			}

  199. 

  200. 			if ( ! StringUtils.isEmpty(bindUserName) || ! StringUtils.isEmpty(bindPassword)) {

  201. 				conn.bind(new SimpleBindRequest(bindUserName, bindPassword));

  202. 			}

  203. 			

  204. 			return conn;

  205. 

  206. 		} catch (URISyntaxException e) {

  207. 			logger.error("Bad LDAP URL, should be in the form: ldap(s|+tls)://<server>:<port>", e);

  208. 		} catch (GeneralSecurityException e) {

  209. 			logger.error("Unable to create SSL Connection", e);

  210. 		} catch (LDAPException e) {

  211. 			logger.error("Error Connecting to LDAP", e);

  212. 		}

  213. 

  214. 		return null;

  215. 	}

  216. 

  217. 	/**

  218. 	 * Credentials are defined in the LDAP server and can not be manipulated

  219. 	 * from Gitblit.

  220. 	 *

  221. 	 * @return false

  222. 	 * @since 1.0.0

  223. 	 */

  224. 	@Override

  225. 	public boolean supportsCredentialChanges() {

  226. 		return false;

  227. 	}

  228. 

  229. 	/**

  230. 	 * If no displayName pattern is defined then Gitblit can manage the display name.

  231. 	 *

  232. 	 * @return true if Gitblit can manage the user display name

  233. 	 * @since 1.0.0

  234. 	 */

  235. 	@Override

  236. 	public boolean supportsDisplayNameChanges() {

  237. 		return StringUtils.isEmpty(settings.getString(Keys.realm.ldap.displayName, ""));

  238. 	}

  239. 

  240. 	/**

  241. 	 * If no email pattern is defined then Gitblit can manage the email address.

  242. 	 *

  243. 	 * @return true if Gitblit can manage the user email address

  244. 	 * @since 1.0.0

  245. 	 */

  246. 	@Override

  247. 	public boolean supportsEmailAddressChanges() {

  248. 		return StringUtils.isEmpty(settings.getString(Keys.realm.ldap.email, ""));

  249. 	}

  250. 

  251. 

  252. 	/**

  253. 	 * If the LDAP server will maintain team memberships then LdapUserService

  254. 	 * will not allow team membership changes.  In this scenario all team

  255. 	 * changes must be made on the LDAP server by the LDAP administrator.

  256. 	 *

  257. 	 * @return true or false

  258. 	 * @since 1.0.0

  259. 	 */

  260. 	@Override

  261. 	public boolean supportsTeamMembershipChanges() {

  262. 		return !settings.getBoolean(Keys.realm.ldap.maintainTeams, false);

  263. 	}

  264. 

  265. 	@Override

  266. 	protected AccountType getAccountType() {

  267. 		 return AccountType.LDAP;

  268. 	}

  269. 

  270. 	@Override

  271. 	public UserModel authenticate(String username, char[] password) {

  272. 		if (isLocalAccount(username)) {

  273. 			// local account, bypass LDAP authentication

  274. 			return super.authenticate(username, password);

  275. 		}

  276. 

  277. 		String simpleUsername = getSimpleUsername(username);

  278. 

  279. 		LDAPConnection ldapConnection = getLdapConnection();

  280. 		if (ldapConnection != null) {

  281. 			try {

  282. 				// Find the logging in user's DN

  283. 				String accountBase = settings.getString(Keys.realm.ldap.accountBase, "");

  284. 				String accountPattern = settings.getString(Keys.realm.ldap.accountPattern, "(&(objectClass=person)(sAMAccountName=${username}))");

  285. 				accountPattern = StringUtils.replace(accountPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));

  286. 

  287. 				SearchResult result = doSearch(ldapConnection, accountBase, accountPattern);

  288. 				if (result != null && result.getEntryCount() == 1) {

  289. 					SearchResultEntry loggingInUser = result.getSearchEntries().get(0);

  290. 					String loggingInUserDN = loggingInUser.getDN();

  291. 

  292. 					if (isAuthenticated(ldapConnection, loggingInUserDN, new String(password))) {

  293. 						logger.debug("LDAP authenticated: " + username);

  294. 

  295. 						UserModel user = null;

  296. 						synchronized (this) {

  297. 							user = getUserModel(simpleUsername);

  298. 							if (user == null)	// create user object for new authenticated user

  299. 								user = new UserModel(simpleUsername);

  300. 

  301. 							// create a user cookie

  302. 							if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {

  303. 								user.cookie = StringUtils.getSHA1(user.username + new String(password));

  304. 							}

  305. 

  306. 							if (!supportsTeamMembershipChanges())

  307. 								getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user);

  308. 

  309. 							// Get User Attributes

  310. 							setUserAttributes(user, loggingInUser);

  311. 

  312. 							// Push the ldap looked up values to backing file

  313. 							super.updateUserModel(user);

  314. 							if (!supportsTeamMembershipChanges()) {

  315. 								for (TeamModel userTeam : user.teams)

  316. 									updateTeamModel(userTeam);

  317. 							}

  318. 						}

  319. 

  320. 						return user;

  321. 					}

  322. 				}

  323. 			} finally {

  324. 				ldapConnection.close();

  325. 			}

  326. 		}

  327. 		return null;

  328. 	}

  329. 

  330. 	/**

  331. 	 * Set the admin attribute from team memberships retrieved from LDAP.

  332. 	 * If we are not storing teams in LDAP and/or we have not defined any

  333. 	 * administrator teams, then do not change the admin flag.

  334. 	 *

  335. 	 * @param user

  336. 	 */

  337. 	private void setAdminAttribute(UserModel user) {

  338. 		if (!supportsTeamMembershipChanges()) {

  339. 			List<String> admins = settings.getStrings(Keys.realm.ldap.admins);

  340. 			// if we have defined administrative teams, then set admin flag

  341. 			// otherwise leave admin flag unchanged

  342. 			if (!ArrayUtils.isEmpty(admins)) {

  343. 				user.canAdmin = false;

  344. 				for (String admin : admins) {

  345. 					if (admin.startsWith("@")) { // Team

  346. 						if (user.getTeam(admin.substring(1)) != null)

  347. 							user.canAdmin = true;

  348. 					} else

  349. 						if (user.getName().equalsIgnoreCase(admin))

  350. 							user.canAdmin = true;

  351. 				}

  352. 			}

  353. 		}

  354. 	}

  355. 

  356. 	private void setUserAttributes(UserModel user, SearchResultEntry userEntry) {

  357. 		// Is this user an admin?

  358. 		setAdminAttribute(user);

  359. 

  360. 		// Don't want visibility into the real password, make up a dummy

  361. 		user.password = Constants.EXTERNAL_ACCOUNT;

  362. 		user.accountType = getAccountType();

  363. 

  364. 		// Get full name Attribute

  365. 		String displayName = settings.getString(Keys.realm.ldap.displayName, "");

  366. 		if (!StringUtils.isEmpty(displayName)) {

  367. 			// Replace embedded ${} with attributes

  368. 			if (displayName.contains("${")) {

  369. 				for (Attribute userAttribute : userEntry.getAttributes())

  370. 					displayName = StringUtils.replace(displayName, "${" + userAttribute.getName() + "}", userAttribute.getValue());

  371. 

  372. 				user.displayName = displayName;

  373. 			} else {

  374. 				Attribute attribute = userEntry.getAttribute(displayName);

  375. 				if (attribute != null && attribute.hasValue()) {

  376. 					user.displayName = attribute.getValue();

  377. 				}

  378. 			}

  379. 		}

  380. 

  381. 		// Get email address Attribute

  382. 		String email = settings.getString(Keys.realm.ldap.email, "");

  383. 		if (!StringUtils.isEmpty(email)) {

  384. 			if (email.contains("${")) {

  385. 				for (Attribute userAttribute : userEntry.getAttributes())

  386. 					email = StringUtils.replace(email, "${" + userAttribute.getName() + "}", userAttribute.getValue());

  387. 

  388. 				user.emailAddress = email;

  389. 			} else {

  390. 				Attribute attribute = userEntry.getAttribute(email);

  391. 				if (attribute != null && attribute.hasValue()) {

  392. 					user.emailAddress = attribute.getValue();

  393. 				}

  394. 			}

  395. 		}

  396. 	}

  397. 

  398. 	private void getTeamsFromLdap(LDAPConnection ldapConnection, String simpleUsername, SearchResultEntry loggingInUser, UserModel user) {

  399. 		String loggingInUserDN = loggingInUser.getDN();

  400. 

  401. 		user.teams.clear();		// Clear the users team memberships - we're going to get them from LDAP

  402. 		String groupBase = settings.getString(Keys.realm.ldap.groupBase, "");

  403. 		String groupMemberPattern = settings.getString(Keys.realm.ldap.groupMemberPattern, "(&(objectClass=group)(member=${dn}))");

  404. 

  405. 		groupMemberPattern = StringUtils.replace(groupMemberPattern, "${dn}", escapeLDAPSearchFilter(loggingInUserDN));

  406. 		groupMemberPattern = StringUtils.replace(groupMemberPattern, "${username}", escapeLDAPSearchFilter(simpleUsername));

  407. 

  408. 		// Fill in attributes into groupMemberPattern

  409. 		for (Attribute userAttribute : loggingInUser.getAttributes())

  410. 			groupMemberPattern = StringUtils.replace(groupMemberPattern, "${" + userAttribute.getName() + "}", escapeLDAPSearchFilter(userAttribute.getValue()));

  411. 

  412. 		SearchResult teamMembershipResult = doSearch(ldapConnection, groupBase, true, groupMemberPattern, Arrays.asList("cn"));

  413. 		if (teamMembershipResult != null && teamMembershipResult.getEntryCount() > 0) {

  414. 			for (int i = 0; i < teamMembershipResult.getEntryCount(); i++) {

  415. 				SearchResultEntry teamEntry = teamMembershipResult.getSearchEntries().get(i);

  416. 				String teamName = teamEntry.getAttribute("cn").getValue();

  417. 

  418. 				TeamModel teamModel = getTeamModel(teamName);

  419. 				if (teamModel == null)

  420. 					teamModel = createTeamFromLdap(teamEntry);

  421. 

  422. 				user.teams.add(teamModel);

  423. 				teamModel.addUser(user.getName());

  424. 			}

  425. 		}

  426. 	}

  427. 

  428. 	private TeamModel createTeamFromLdap(SearchResultEntry teamEntry) {

  429. 		TeamModel answer = new TeamModel(teamEntry.getAttributeValue("cn"));

  430. 		// potentially retrieve other attributes here in the future

  431. 

  432. 		return answer;

  433. 	}

  434. 

  435. 	private SearchResult doSearch(LDAPConnection ldapConnection, String base, String filter) {

  436. 		try {

  437. 			return ldapConnection.search(base, SearchScope.SUB, filter);

  438. 		} catch (LDAPSearchException e) {

  439. 			logger.error("Problem Searching LDAP", e);

  440. 

  441. 			return null;

  442. 		}

  443. 	}

  444. 	

  445. 	private SearchResult doSearch(LDAPConnection ldapConnection, String base, boolean dereferenceAliases, String filter, List<String> attributes) {

  446. 		try {

  447. 			SearchRequest searchRequest = new SearchRequest(base, SearchScope.SUB, filter);

  448. 			if ( dereferenceAliases ) {

  449. 				searchRequest.setDerefPolicy(DereferencePolicy.SEARCHING);

  450. 			}

  451. 			if (attributes != null) {

  452. 				searchRequest.setAttributes(attributes);

  453. 			}

  454. 			return ldapConnection.search(searchRequest);

  455. 

  456. 		} catch (LDAPSearchException e) {

  457. 			logger.error("Problem Searching LDAP", e);

  458. 

  459. 			return null;

  460. 		} catch (LDAPException e) {

  461. 			logger.error("Problem creating LDAP search", e);

  462. 			return null;

  463. 		}

  464. 	}

  465. 	

  466. 	private boolean isAuthenticated(LDAPConnection ldapConnection, String userDn, String password) {

  467. 		try {

  468. 			// Binding will stop any LDAP-Injection Attacks since the searched-for user needs to bind to that DN

  469. 			ldapConnection.bind(userDn, password);

  470. 			return true;

  471. 		} catch (LDAPException e) {

  472. 			logger.error("Error authenticating user", e);

  473. 			return false;

  474. 		}

  475. 	}

  476. 

  477.     @Override

  478.     public List<String> getAllUsernames() {

  479.         synchronizeLdapUsers();

  480.         return super.getAllUsernames();

  481.     }

  482. 

  483.     @Override

  484.     public List<UserModel> getAllUsers() {

  485.         synchronizeLdapUsers();

  486.         return super.getAllUsers();

  487.     }

  488. 

  489. 	/**

  490. 	 * Returns a simple username without any domain prefixes.

  491. 	 *

  492. 	 * @param username

  493. 	 * @return a simple username

  494. 	 */

  495. 	protected String getSimpleUsername(String username) {

  496. 		int lastSlash = username.lastIndexOf('\\');

  497. 		if (lastSlash > -1) {

  498. 			username = username.substring(lastSlash + 1);

  499. 		}

  500. 

  501. 		return username;

  502. 	}

  503. 

  504. 	// From: https://www.owasp.org/index.php/Preventing_LDAP_Injection_in_Java

  505. 	public static final String escapeLDAPSearchFilter(String filter) {

  506. 		StringBuilder sb = new StringBuilder();

  507. 		for (int i = 0; i < filter.length(); i++) {

  508. 			char curChar = filter.charAt(i);

  509. 			switch (curChar) {

  510. 			case '\\':

  511. 				sb.append("\\5c");

  512. 				break;

  513. 			case '*':

  514. 				sb.append("\\2a");

  515. 				break;

  516. 			case '(':

  517. 				sb.append("\\28");

  518. 				break;

  519. 			case ')':

  520. 				sb.append("\\29");

  521. 				break;

  522. 			case '\u0000':

  523. 				sb.append("\\00");

  524. 				break;

  525. 			default:

  526. 				sb.append(curChar);

  527. 			}

  528. 		}

  529. 		return sb.toString();

  530. 	}

  531. }