GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

SEC-1961: SubjectDnX509PrincipalExtractor supports CN as last segement

pull/16/head
Rob Winch 14 years ago
parent
4fabe939d0
commit
c2def26c3e
1 changed files with 3 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java

6
web/src/main/java/org/springframework/security/web/authentication/preauth/x509/SubjectDnX509PrincipalExtractor.java
Unescape View File

@ -17,7 +17,7 @@ import java.util.regex.Matcher;
* Obtains the principal from a certificate using a regular expression match against the Subject (as returned by a call * Obtains the principal from a certificate using a regular expression match against the Subject (as returned by a call
* to {@link X509Certificate#getSubjectDN()}). * to {@link X509Certificate#getSubjectDN()}).
* <p> * <p>
* The regular expression should contain a single group; for example the default expression "CN=(.?)," matches the * The regular expression should contain a single group; for example the default expression "CN=(.*?)(?:,|$)" matches the
* common name field. So "CN=Jimi Hendrix, OU=..." will give a user name of "Jimi Hendrix". * common name field. So "CN=Jimi Hendrix, OU=..." will give a user name of "Jimi Hendrix".
* <p> * <p>
* The matches are case insensitive. So "emailAddress=(.?)," will match "EMAILADDRESS=jimi@hendrix.org, CN=..." giving a * The matches are case insensitive. So "emailAddress=(.?)," will match "EMAILADDRESS=jimi@hendrix.org, CN=..." giving a
@ -33,7 +33,7 @@ public class SubjectDnX509PrincipalExtractor implements X509PrincipalExtractor {
private Pattern subjectDnPattern; private Pattern subjectDnPattern;
public SubjectDnX509PrincipalExtractor() { public SubjectDnX509PrincipalExtractor() {
setSubjectDnRegex("CN=(.*?),"); setSubjectDnRegex("CN=(.*?)(?:,|$)");
} }
public Object extractPrincipal(X509Certificate clientCert) { public Object extractPrincipal(X509Certificate clientCert) {
@ -64,7 +64,7 @@ public class SubjectDnX509PrincipalExtractor implements X509PrincipalExtractor {
* Sets the regular expression which will by used to extract the user name from the certificate's Subject * Sets the regular expression which will by used to extract the user name from the certificate's Subject
* DN. * DN.
* <p> * <p>
* It should contain a single group; for example the default expression "CN=(.?)," matches the common * It should contain a single group; for example the default expression "CN=(.*?)(?:,|$)" matches the common
* name field. So "CN=Jimi Hendrix, OU=..." will give a user name of "Jimi Hendrix". * name field. So "CN=Jimi Hendrix, OU=..." will give a user name of "Jimi Hendrix".
* <p> * <p>
* The matches are case insensitive. So "emailAddress=(.?)," will match "EMAILADDRESS=jimi@hendrix.org, * The matches are case insensitive. So "emailAddress=(.?)," will match "EMAILADDRESS=jimi@hendrix.org,

Write Preview
Loading…
Cancel
Save