Welcome to my personal website ==> jiashubing.cn

Filtering special characters at AD login to prevent LDAP injection (code library)

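// Characters that are escaped inside an LDAP search filter value, and their
// \XX hex escapes (same index in both arrays). The backslash must stay first,
// so that backslashes introduced by later replacements are not escaped again.
private static final char[] LDAP_FILTER_ESCAPE_SEQUENCE = new char[]{'\\', '*', '(', ')', '\0', '/'};
private static final String[] LDAP_FILTER_ESCAPE_SEQUENCE_CHARACTER = new String[]{"\\5c", "\\2a", "\\28", "\\29", "\\00", "\\2f"};

// Escapes user input before it is concatenated into an LDAP search filter.
public static String replaceFilter(String userInput) {
    // Blank (null, empty or whitespace-only) input is returned unchanged.
    if (com.yonyou.yht.sdkutils.StringUtils.isBlank(userInput)) {
        return userInput;
    }

    String tmp = userInput;
    // Replace every occurrence of each special character with its escape sequence.
    for (int charIndex = 0; charIndex < LDAP_FILTER_ESCAPE_SEQUENCE.length; ++charIndex) {
        int index = tmp.indexOf(LDAP_FILTER_ESCAPE_SEQUENCE[charIndex]);
        if (index != -1) {
            tmp = tmp.replace(String.valueOf(LDAP_FILTER_ESCAPE_SEQUENCE[charIndex]), LDAP_FILTER_ESCAPE_SEQUENCE_CHARACTER[charIndex]);
        }
    }
    return tmp;
}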
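
The escaping above in the context of an AD login lookup, as an added example that is not the blog author's code: it builds the same search filter from raw and from escaped input and checks that escaped input cannot add filter components or wildcards. The class name, the filter template and the sample inputs are assumptions constructed for illustration.

```java
import java.util.List;

// Added example, not the blog author's code. Class, method and attribute
// names are assumptions; the sample inputs are constructed.
public class LdapFilterDemo {

    // Single-pass escape of the RFC 4515 special characters (\ * ( ) NUL),
    // plus '/' to match the table used on this page.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                case '/':  out.append("\\2f"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Builds the lookup filter; the template is a typical AD user search (assumption).
    static String userFilter(String accountName) {
        return "(&(objectClass=user)(sAMAccountName=" + accountName + "))";
    }

    // Counts '(' characters, i.e. filter components; the template alone has 3.
    static long componentCount(String filter) {
        return filter.chars().filter(ch -> ch == '(').count();
    }

    public static void main(String[] args) {
        List<String> inputs = List.of("alice", "a*", "x)(mail=*", "dom\\user");
        for (String in : inputs) {
            String raw = userFilter(in);
            String safe = userFilter(escapeFilterValue(in));
            System.out.printf("input=%-10s raw =%s (components=%d)%n", in, raw, componentCount(raw));
            System.out.printf("%16s safe=%s (components=%d)%n", "", safe, componentCount(safe));
            // Escaped input must leave the filter structure untouched.
            if (componentCount(safe) != 3 || safe.contains("*")) {
                throw new IllegalStateException("escaping failed for: " + in);
            }
        }
    }
}
```

This escaping applies to filter values only; input placed into a distinguished name needs DN escaping (RFC 4514) instead.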

 

Original article. Reposting is welcome; please credit the source when you do!

posted @ 2021-02-01 16:44  贾树丙