Re: [jetty-users] How to use: org.eclipse.jetty.jaas.spi.LdapLoginModule

[Samuel Martinucci <samuelmartinucci@xxxxxxxxx>]

Thanks Joakim, now it makes total sense.

2016-12-28 16:10 GMT-02:00 Joakim Erdfelt <joakim@xxxxxxxxxxx>:

The last time doRFC2254Encoding was used was just before Jetty 6.1.9 ...

https://github.com/jetty-project/codehaus-jetty6/blob/jetty-6.1.9/modules/plus/src/main/java/org/mortbay/jetty/plus/jaas/spi/LdapLoginModule.java#L327

as part of the getUserRoles() method, to sanitize the raw ldap filter declaration.

Since Jetty 7.x that doRFC2254Encoding was no longer needed, as we let the LDAP implementation do the sanitation/filtering via the DirContext.search() method now.

https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/jetty-jaas/src/main/java/org/eclipse/jetty/jaas/spi/LdapLoginModule.java#L356-L358

Joakim Erdfelt / joakim@xxxxxxxxxxx

On Wed, Dec 28, 2016 at 10:07 AM, Samuel Martinucci <samuelmartinucci@xxxxxxxxx> wrote:

Hi,

I am trying to prevent my application from LDAP Injections and I've found this method which is not in use anywhere, I'd like to know what is this for and how to use it? Apparently this is what I need to apply to my LDAP Queries.

org.eclipse.jetty.jaas.spi.LdapLoginModule.doRFC2254Encoding

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users

_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users