Do not use anonymous or unauthenticated authentication mechanisms for an LDAP client request, because they allow unauthorized access without a password.
/**
 * Builds an LDAP {@link DirContext} with authentication switched off.
 *
 * <p>Noncompliant example: {@code Context.SECURITY_AUTHENTICATION} is set to
 * {@code "none"}, so the bind is anonymous and the {@code password} argument is
 * never placed in the environment. Whatever the directory grants to anonymous
 * clients is granted here with no credential check at all.
 *
 * @param password ignored; it is never added to the environment
 * @throws NamingException if the initial context cannot be created
 */
public void createDirContextNoncompliant(String password) throws NamingException {
    Hashtable<String, Object> env = new Hashtable<>();
    env.put(Context.PROVIDER_URL, "context provider url");
    env.put(Context.INITIAL_CONTEXT_FACTORY, "ldap context factory");
    // Noncompliant: anonymous bind - no principal, no credentials are sent.
    env.put(Context.SECURITY_AUTHENTICATION, "none");
    DirContext ctx = new InitialDirContext(env);
}
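/**
 * Builds an LDAP {@link DirContext} using simple (bind DN plus password)
 * authentication and releases it again.
 *
 * <p>Compliant example: {@code Context.SECURITY_AUTHENTICATION} is
 * {@code "simple"} and both a principal and credentials are supplied, so the
 * directory verifies the caller before granting access.
 *
 * @param password credentials for the configured bind principal; must be
 *     non-empty, because a simple bind with an empty password is an
 *     "unauthenticated" bind (RFC 4513) that the server may accept as
 *     anonymous access
 * @throws NullPointerException if {@code password} is {@code null}
 * @throws IllegalArgumentException if {@code password} is empty
 * @throws NamingException if the context cannot be created, the bind is
 *     rejected, or the context cannot be closed
 */
public void createDirContextCompliant(String password) throws NamingException {
    if (password == null) {
        throw new NullPointerException("password");
    }
    if (password.isEmpty()) {
        // An empty password turns the simple bind into an unauthenticated bind,
        // which silently degrades to anonymous access on servers that allow it.
        throw new IllegalArgumentException("password must not be empty");
    }
    Hashtable<String, Object> environment = new Hashtable<>();
    environment.put(Context.INITIAL_CONTEXT_FACTORY, "ldap context factory");
    // Simple authentication sends the password in cleartext; the provider URL
    // should point at an ldaps:// endpoint (or StartTLS must be negotiated).
    environment.put(Context.PROVIDER_URL, "context provider url");
    // Compliant: simple security authentication used.
    environment.put(Context.SECURITY_AUTHENTICATION, "simple");
    environment.put(Context.SECURITY_PRINCIPAL, "a=something, b=something, c=something else");
    // NOTE: String credentials cannot be wiped from memory after use; a char[]
    // parameter would allow that, but the method signature is fixed here.
    environment.put(Context.SECURITY_CREDENTIALS, password);
    DirContext dirContext = new InitialDirContext(environment);
    // Nothing further is done with the context in this example, so release the
    // underlying connection instead of leaking it. Code that performs lookups
    // should do so before this close(), inside a try/finally.
    dirContext.close();
}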