2020-06-30 12:49:37 +02:00
|
|
|
include::../description.adoc[]
|
|
|
|
|
|
|
|
|
|
== Noncompliant Code Example
|
|
|
|
|
|
2021-01-27 13:42:22 +01:00
|
|
|
This rule raises an issue when an LDAP connection is created with ``++Context.SECURITY_AUTHENTICATION++`` set to ``++"none"++``.
|
2020-06-30 14:49:38 +02:00
|
|
|
|
2020-06-30 12:49:37 +02:00
|
|
|
----
|
|
|
|
|
// Set up the environment for creating the initial context
|
|
|
|
|
Hashtable<String, Object> env = new Hashtable<String, Object>();
|
|
|
|
|
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
|
|
|
|
|
env.put(Context.PROVIDER_URL, "ldap://localhost:389/o=JNDITutorial");
|
|
|
|
|
|
|
|
|
|
// Use anonymous authentication
|
|
|
|
|
env.put(Context.SECURITY_AUTHENTICATION, "none"); // Noncompliant
|
|
|
|
|
|
|
|
|
|
// Create the initial context
|
|
|
|
|
DirContext ctx = new InitialDirContext(env);
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
== Compliant Solution
|
|
|
|
|
|
|
|
|
|
----
|
|
|
|
|
// Set up the environment for creating the initial context
|
|
|
|
|
Hashtable<String, Object> env = new Hashtable<String, Object>();
|
|
|
|
|
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
|
|
|
|
|
env.put(Context.PROVIDER_URL, "ldap://localhost:389/o=JNDITutorial");
|
|
|
|
|
|
|
|
|
|
// Use simple authentication
|
|
|
|
|
env.put(Context.SECURITY_AUTHENTICATION, "simple");
|
|
|
|
|
env.put(Context.SECURITY_PRINCIPAL, "cn=S. User, ou=NewHires, o=JNDITutorial");
|
|
|
|
|
env.put(Context.SECURITY_CREDENTIALS, getLDAPPassword());
|
|
|
|
|
|
|
|
|
|
// Create the initial context
|
|
|
|
|
DirContext ctx = new InitialDirContext(env);
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
include::../see.adoc[]
|
