1

有没有办法将存储在字符串中的 LDAP 属性用作 RegEx 模式?

我在想这样的事情:

PASSWORD_WITH_LDAP_ATTRIBUTE = Pattern.compile(userid + "|" + ssn + "|" + bdate + "|" + empNo + "|" + telNo);

我已经试过这个了。在我输入的任何字符串中,正则表达式总是找到匹配项,即使它不是明确的匹配项。

这是可能的还是我在冒险尝试不可能的事情?

这是整个方法:

private static Pattern PASSWORD_WITH_LDAP_ATTRIBUTE = null;


private boolean checkForLdapAttributes(final String newPassword) throws LDAPException{
    LoggingEnt loggingEnt = new LoggingEnt();
    String userid = loggingEnt.getUseridCode();
    String ssn = loggingEnt.getSocialSecurityNumber();
    String bdate = loggingEnt.getBirthDate();
    String empNo = loggingEnt.getEmployeeNumber();
    String telNo = loggingEnt.getTelephoneNumber();     

    PASSWORD_WITH_LDAP_ATTRIBUTE = Pattern.compile(userid + "|" + ssn + "|" + bdate + "|" + empNo + "|" + telNo);
    matcher = PASSWORD_WITH_LDAP_ATTRIBUTE.matcher(newPassword);

    if(PASSWORD_WITH_LDAP_ATTRIBUTE.matcher(newPassword).find()){
        isPasswordAccepted = false;
        loggingEnt.setMsg1("You cannot use any of your Username, Social Security No., Birthdate, Employee No., and Telephone No. as password.");
        throw new LDAPException("Invalid password combination for " + userid, LDAPException.INVALID_CREDENTIALS);
    } else {
        loggingEnt.setMsg1("Password accepted.");
        isPasswordAccepted = true;
    }

    return matcher.matches();
}
4

1 回答 1

1

你这样做是错误的。您不应该自己匹配密码属性。您应该尝试“绑定”到指定用户名和密码的 LDAP,会匹配您的密码。或不。

在 JNDI 中,'bind' 对应于LdapContext.reconnect().

于 2013-07-19T08:19:43.030 回答