Fix for SEC-215. Check for empty nameInNameSpace before appending.

20 years ago · 743cc9fec7
1 changed files with 9 additions and 2 deletions
--- a/core/src/main/java/org/acegisecurity/ldap/search/FilterBasedLdapUserSearch.java
+++ b/core/src/main/java/org/acegisecurity/ldap/search/FilterBasedLdapUserSearch.java
@ -22,7 +22,10 @@ import org.acegisecurity.ldap.LdapUtils;
				@@ -22,7 +22,10 @@ import org.acegisecurity.ldap.LdapUtils;
 import org.acegisecurity.ldap.InitialDirContextFactory;
 import org.acegisecurity.ldap.LdapUserInfo;
 import org.acegisecurity.ldap.LdapDataAccessException;
+
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;

@ -136,8 +139,12 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
				@@ -136,8 +139,12 @@ public class FilterBasedLdapUserSearch implements LdapUserSearch {
                userDn.append(searchBase);
            }

-            userDn.append(",");
-            userDn.append(ctx.getNameInNamespace());
+            String nameInNamespace = ctx.getNameInNamespace();
+
+            if(StringUtils.hasLength(nameInNamespace)) {
+                userDn.append(",");
+                userDn.append(nameInNamespace);
+            }

            return new LdapUserInfo(userDn.toString(), searchResult.getAttributes());