KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > net > sf > jguard > ext > util > JNDIUtils


1 /*
2  jGuard is a security framework based on top of jaas (java authentication and authorization security).
3  it is written for web applications, to resolve simply, access control problems.
4  version $Name$
5  http://sourceforge.net/projects/jguard/
6
7  Copyright (C) 2004 Charles GAY
8
9  This library is free software; you can redistribute it and/or
10  modify it under the terms of the GNU Lesser General Public
11  License as published by the Free Software Foundation; either
12  version 2.1 of the License, or (at your option) any later version.
13
14  This library is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17  Lesser General Public License for more details.
18
19  You should have received a copy of the GNU Lesser General Public
20  License along with this library; if not, write to the Free Software
21  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22
23
24  jGuard project home page:
25  http://sourceforge.net/projects/jguard/
26
27  */

28 package net.sf.jguard.ext.util;
29
30 import java.util.logging.Logger JavaDoc;
31
32 import javax.naming.NamingEnumeration JavaDoc;
33 import javax.naming.NamingException JavaDoc;
34 import javax.naming.directory.Attribute JavaDoc;
35 import javax.naming.directory.SearchResult JavaDoc;
36
37
38 public class JNDIUtils {
39     private static final Logger JavaDoc logger = Logger.getLogger(JNDIUtils.class.getName());
40
41     /**
42      * grab the name in the namespace, and return the nth value in the naming hierarchy.
43      *
44      * @param result
45      * result found
46      * @param level
47      * level to be retrun from the result, to the root
48      * @return value
49      */

50     public static String JavaDoc getValueInNameSpace(SearchResult JavaDoc result, int level) {
51         String JavaDoc value = null;
52         String JavaDoc nameSpace = result.getName();
53         String JavaDoc[] tokens = nameSpace.split(",");
54         String JavaDoc[] tok = tokens[level].split("=");
55         value = tok[1];
56         return value;
57
58     }
59
60     /**
61      * prevent LDAP injection. method extracted from a CORSAIRE white paper.
62      *
63      * @param name
64      * @return safe login
65      */

66     public static String JavaDoc escapeDn(String JavaDoc name) {
67         // from RFC 2253 and the / character for JNDI
68
final char[] META_CHARS = { '+', '"', '<', '>', ';', '/' };
69         String JavaDoc escapedString = new String JavaDoc(name);
70         // BackSlash is both a Java and an LDAP escape character, so escape it first
71
escapedString = escapedString.replaceAll("\\\\", "\\\\");
72
73         // positional characters - see RFC 2253
74
escapedString = escapedString.replaceAll("^#", "\\\\#");
75         escapedString = escapedString.replaceAll("^ | $", "\\\\ ");
76
77         for (int i = 0; i < META_CHARS.length; i++) {
78             escapedString = escapedString.replaceAll("\\" + META_CHARS[i], "\\\\" + META_CHARS[i]);
79         }
80         return escapedString;
81     }
82
83     /**
84      * prevent LDAP injection. method extracted from a CORSAIRE white paper.
85      *
86      * @param filterExpression
87      * @return safe filterExpression
88      */

89     public static String JavaDoc escapeSearchFilter(String JavaDoc filterExpression) {
90         // from RFC 2254
91
String JavaDoc escapedString = new String JavaDoc(filterExpression);
92         escapedString = escapedString.replaceAll("\\\\", "\\\\5c");
93         escapedString = escapedString.replaceAll("\\*", "\\\\2a");
94         escapedString = escapedString.replaceAll("\\(", "\\\\28");
95         escapedString = escapedString.replaceAll("\\)", "\\\\29");
96         return escapedString;
97     }
98
99     
100
101     /**
102      * return as a String the attribute Value, and convert a byte[] into a new String.
103      *
104      * @param attribute attribute
105      * @return attribute value
106      * @throws NamingException
107      */

108     public static String JavaDoc getAttributeValue(Attribute JavaDoc attribute) throws NamingException JavaDoc {
109         NamingEnumeration JavaDoc nameEnum = null;
110         StringBuffer JavaDoc attributeValue = new StringBuffer JavaDoc();
111         nameEnum = attribute.getAll();
112
113         int i = 0;
114
115         while (nameEnum.hasMore()) {
116             if (i != 0) {
117                 attributeValue.append(",");
118             }
119             Object JavaDoc obj = (Object JavaDoc) nameEnum.next();
120             if (obj instanceof byte[]) {
121                 byte[] bytes = (byte[]) obj;
122                 obj = new String JavaDoc(bytes);
123             }
124
125             attributeValue.append(obj.toString());
126             i++;
127         }
128
129         nameEnum.close();
130
131         return attributeValue.toString();
132     }
133
134     
135 }
136
Popular Tags