Revision 9441
Added by Jing Tao about 9 years ago
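--- a/src/edu/ucsb/nceas/metacat/AuthLdap.java
+++ b/src/edu/ucsb/nceas/metacat/AuthLdap.java
@@ -48,6 +48,7 @@
 import javax.net.ssl.SSLSession;
 
 import org.apache.log4j.Logger;
+import org.apache.commons.lang.StringEscapeUtils;
 
 import edu.ucsb.nceas.metacat.properties.PropertyService;
 import edu.ucsb.nceas.utilities.PropertyNotFoundException;
@@ -1285,6 +1286,8 @@
 }
 }
 logMetacat.info("AuthLdap.getPrincipals - org name is " + orgName);
+orgName = StringEscapeUtils.escapeXml(orgName);
+logMetacat.info("AuthLdap.getPrincipals - org name (after the xml escaping) is " + orgName);
 out.append(" <authSystem URI=\"" + this.ldapUrl + this.ldapBase
 + "\" organization=\"" + orgName + "\">\n");
 
@@ -1299,29 +1302,29 @@
 if (groups != null && users != null && groups.length > 0) {
 for (int i = 0; i < groups.length; i++) {
 out.append(" <group>\n");
-out.append(" <groupname>" + groups[i][0] + "</groupname>\n");
-out.append(" <description>" + groups[i][1] + "</description>\n");
+out.append(" <groupname>" + StringEscapeUtils.escapeXml(groups[i][0]) + "</groupname>\n");
+out.append(" <description>" + StringEscapeUtils.escapeXml(groups[i][1]) + "</description>\n");
 String[] usersForGroup = getUsers(user, password, groups[i][0]);
 for (int j = 0; j < usersForGroup.length; j++) {
 userIndex = searchUser(usersForGroup[j], users);
 out.append(" <user>\n");
 
 if (userIndex < 0) {
-out.append(" <username>" + usersForGroup[j]
+out.append(" <username>" + StringEscapeUtils.escapeXml(usersForGroup[j])
 + "</username>\n");
 } else {
-out.append(" <username>" + users[userIndex][0]
+out.append(" <username>" + StringEscapeUtils.escapeXml(users[userIndex][0])
 + "</username>\n");
-out.append(" <name>" + users[userIndex][1]
+out.append(" <name>" + StringEscapeUtils.escapeXml(users[userIndex][1])
 + "</name>\n");
-out.append(" <organization>" + users[userIndex][2]
+out.append(" <organization>" + StringEscapeUtils.escapeXml(users[userIndex][2])
 + "</organization>\n");
 if (users[userIndex][3].compareTo("null") != 0) {
 out.append(" <organizationUnitName>"
-+ users[userIndex][3]
++ StringEscapeUtils.escapeXml(users[userIndex][3])
 + "</organizationUnitName>\n");
 }
-out.append(" <email>" + users[userIndex][4]
+out.append(" <email>" + StringEscapeUtils.escapeXml(users[userIndex][4])
 + "</email>\n");
 }
 
@@ -1335,16 +1338,16 @@
 // for the users not belonging to any grou8p
 for (int j = 0; j < users.length; j++) {
 out.append(" <user>\n");
-out.append(" <username>" + users[j][0] + "</username>\n");
-out.append(" <name>" + users[j][1] + "</name>\n");
+out.append(" <username>" + StringEscapeUtils.escapeXml(users[j][0]) + "</username>\n");
+out.append(" <name>" + StringEscapeUtils.escapeXml(users[j][1]) + "</name>\n");
 out
-.append(" <organization>" + users[j][2]
+.append(" <organization>" + StringEscapeUtils.escapeXml(users[j][2])
 + "</organization>\n");
 if (users[j][3].compareTo("null") != 0) {
-out.append(" <organizationUnitName>" + users[j][3]
+out.append(" <organizationUnitName>" + StringEscapeUtils.escapeXml(users[j][3])
 + "</organizationUnitName>\n");
 }
-out.append(" <email>" + users[j][4] + "</email>\n");
+out.append(" <email>" + StringEscapeUtils.escapeXml(users[j][4]) + "</email>\n");
 out.append(" </user>\n");
 }
 }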
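Review bot: In the `<authSystem>` hunk (new lines 1288–1292) the `URI` attribute is still built from `this.ldapUrl + this.ldapBase` with no escaping, while the `organization` attribute beside it is now escaped; an `&` or `"` in either configured value would still yield malformed XML, so I would write `StringEscapeUtils.escapeXml(this.ldapUrl + this.ldapBase)` there as well. The same hunk overwrites `orgName` with its escaped form, and because getPrincipals begins and continues outside the visible lines, any later use of `orgName` for something other than XML output would receive the entity-encoded value; a separate local such as `String orgNameXml = StringEscapeUtils.escapeXml(orgName);` keeps the raw value intact. The two `logMetacat.info` calls write the name into the log as-is, and `escapeXml` does not neutralise line breaks, so if `orgName` can be influenced by a caller or by directory data the log entry can still be split; replacing CR/LF before logging would close that. With fourteen near-identical `escapeXml` calls now in this method, a small private helper that appends an escaped element would make it harder to miss a field the next time one is added.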
Escape the user names, group names and other information in the XML format.