Check That Credentials Are Non-Null

jzheaux · jzheaux · commit 279c11060415 · 2022-05-12T10:33:17.000-06:00
Closes gh-538
diff --git a/core/src/main/java/org/springframework/ldap/core/support/AbstractContextSource.java b/core/src/main/java/org/springframework/ldap/core/support/AbstractContextSource.java
@@ -16,8 +16,24 @@
 
 package org.springframework.ldap.core.support;
 
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Hashtable;
+import java.util.ListIterator;
+import java.util.Map;
+
+import javax.naming.Context;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.DirContext;
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.ldap.UncategorizedLdapException;
 import org.springframework.ldap.core.AuthenticationSource;
@@ -28,21 +44,6 @@
 import org.springframework.util.ObjectUtils;
 import org.springframework.util.StringUtils;
 
-import javax.naming.Context;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.directory.Attribute;
-import javax.naming.directory.Attributes;
-import javax.naming.directory.DirContext;
-import javax.naming.ldap.LdapName;
-import javax.naming.ldap.Rdn;
-
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.Hashtable;
-import java.util.ListIterator;
-import java.util.Map;
-
 /**
  * Abstract implementation of the {@link ContextSource} interface. By default,
  * returns an authenticated
@@ -424,8 +425,13 @@ public void afterPropertiesSet() {
 				LOG.info("Property 'userDn' not set - " + "anonymous context will be used for read-write operations");
 				anonymousReadOnly = true;
 			}
-			else if (!StringUtils.hasText(password)) {
-				LOG.info("Property 'password' not set - " + "blank password will be used");
+			if (!anonymousReadOnly) {
+				if (password == null) {
+					throw new IllegalArgumentException("Property 'password' cannot be null. To use a blank password, please ensure it is set to \"\"");
+				}
+				if (!StringUtils.hasText(password)) {
+					LOG.info("Property 'password' not set - " + "blank password will be used");
+				}
 			}
 			authenticationSource = new SimpleAuthenticationSource();
 		}
diff --git a/core/src/test/java/org/springframework/ldap/core/support/LdapContextSourceTest.java b/core/src/test/java/org/springframework/ldap/core/support/LdapContextSourceTest.java
@@ -46,7 +46,16 @@ public void testAfterPropertiesSet_NoUrl() throws Exception {
         tested.afterPropertiesSet();
     }
 
-    @Test
+	// gh-538
+	@Test(expected = IllegalArgumentException.class)
+	public void testAfterPropertiesSet_NullPassword() {
+		tested.setUrl("ldap://ldap.example.com:389");
+		tested.setUserDn("value");
+		tested.setPassword(null);
+		tested.afterPropertiesSet();
+	}
+
+	@Test
 	public void testGetAnonymousEnv() throws Exception {
 		tested.setBase("dc=some example,dc=se");
 		tested.setUrl("ldap://ldap.example.com:389");
