knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dillido...@apache.org
Subject git commit: KNOX-403: Optimize KnoxLdapRealm to reduce number of ldapsearches
Date Fri, 25 Jul 2014 21:56:34 GMT
Repository: knox
Updated Branches:
  refs/heads/master 1a67f33db -> 0b52704ac


KNOX-403: Optimize KnoxLdapRealm to reduce number of ldapsearches


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/0b52704a
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/0b52704a
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/0b52704a

Branch: refs/heads/master
Commit: 0b52704ac57d36cfcf8519ede464e6769d577f00
Parents: 1a67f33
Author: Dilli Dorai Arumugam <darumugam@hortonworks.com>
Authored: Tue Jul 15 17:57:11 2014 -0700
Committer: Dilli Dorai Arumugam <darumugam@hortonworks.com>
Committed: Thu Jul 24 22:20:28 2014 -0700

----------------------------------------------------------------------
 .../hadoop/gateway/shirorealm/KnoxLdapRealm.java  | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/0b52704a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
index 79c721d..9874da2 100644
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
+++ b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
@@ -198,9 +198,16 @@ public class KnoxLdapRealm extends JndiLdapRealm {
             "objectClass=" + groupObjectClass, 
             SUBTREE_SCOPE);
         
+        String userDn = null;
+        if (userSearchAttributeName == null || userSearchAttributeName.isEmpty()) {
+          // memberAttributeValuePrefix and memberAttributeValueSuffix were computed from
memberAttributeValueTemplate
+          userDn = memberAttributeValuePrefix + userName + memberAttributeValueSuffix;
+        } else {
+          userDn = getUserDn(userName);
+        }
         while (searchResultEnum.hasMore()) { // searchResults contains all the groups in
search scope
             final SearchResult group = searchResultEnum.next();
-            addRoleIfMember(userName, group, roleNames, groupNames, ldapContextFactory);
+            addRoleIfMember(userDn, group, roleNames, groupNames, ldapContextFactory);
         }
         
         // save role names and group names in session so that they can be easily looked up
outside of this object
@@ -210,17 +217,10 @@ public class KnoxLdapRealm extends JndiLdapRealm {
         return roleNames;
     }
 
-  private void addRoleIfMember(final String userName, final SearchResult group,
+  private void addRoleIfMember(final String userDn, final SearchResult group,
       final Set<String> roleNames, final Set<String> groupNames,
       final LdapContextFactory ldapContextFactory) throws NamingException {
    
-    String userDn = null;
-    if (userSearchAttributeName == null || userSearchAttributeName.isEmpty()) {
-      // memberAttributeValuePrefix and memberAttributeValueSuffix were computed from memberAttributeValueTemplate
-      userDn = memberAttributeValuePrefix + userName + memberAttributeValueSuffix;
-    } else {
-      userDn = getUserDn(userName);
-    }
     LdapName userLdapDn = new LdapName(userDn);
     Attribute attribute = group.getAttributes().get(getGroupIdAttribute()); 
     String groupName = attribute.get().toString();


Mime
View raw message