Repository: knox Updated Branches: refs/heads/master 1a67f33db -> 0b52704ac
KNOX-403: Optimize KnoxLdapRealm to reduce number of ldapsearches Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/0b52704a Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/0b52704a Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/0b52704a Branch: refs/heads/master Commit: 0b52704ac57d36cfcf8519ede464e6769d577f00 Parents: 1a67f33 Author: Dilli Dorai Arumugam <[email protected]> Authored: Tue Jul 15 17:57:11 2014 -0700 Committer: Dilli Dorai Arumugam <[email protected]> Committed: Thu Jul 24 22:20:28 2014 -0700 ---------------------------------------------------------------------- .../hadoop/gateway/shirorealm/KnoxLdapRealm.java | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/0b52704a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java ----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
index 79c721d..9874da2 100644
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
+++ b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
@@ -198,9 +198,16 @@ public class KnoxLdapRealm extends JndiLdapRealm { "objectClass=" + groupObjectClass, SUBTREE_SCOPE); + String userDn = null; + if (userSearchAttributeName == null || userSearchAttributeName.isEmpty()) { + // memberAttributeValuePrefix and memberAttributeValueSuffix were computed from memberAttributeValueTemplate + userDn = memberAttributeValuePrefix + userName + memberAttributeValueSuffix; + } else { + userDn = getUserDn(userName); + } while (searchResultEnum.hasMore()) { // searchResults contains all the groups in search scope final SearchResult group = searchResultEnum.next(); - addRoleIfMember(userName, group, roleNames, groupNames, ldapContextFactory); + addRoleIfMember(userDn, group, roleNames, groupNames, ldapContextFactory); } // save role names and group names in session so that they can be easily looked up outside of this object @@ -210,17 +217,10 @@ public class KnoxLdapRealm extends JndiLdapRealm { return roleNames; } - private void addRoleIfMember(final String userName, final SearchResult group, + private void addRoleIfMember(final String userDn, final SearchResult group, final Set<String> roleNames, final Set<String> groupNames, final LdapContextFactory ldapContextFactory) throws NamingException { - String userDn = null; - if (userSearchAttributeName == null || userSearchAttributeName.isEmpty()) { - // memberAttributeValuePrefix and memberAttributeValueSuffix were computed from memberAttributeValueTemplate - userDn = memberAttributeValuePrefix + userName + memberAttributeValueSuffix; - } else { - userDn = getUserDn(userName); - } LdapName userLdapDn = new LdapName(userDn); Attribute attribute = group.getAttributes().get(getGroupIdAttribute()); String groupName = attribute.get().toString();
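Review bot: The DN built in the template branch, `userDn = memberAttributeValuePrefix + userName + memberAttributeValueSuffix;`, splices the raw user name into a distinguished name that `addRoleIfMember` then parses with `new LdapName(userDn)`, so a name containing DN metacharacters such as `,`, `+` or `=` would parse into different RDNs than the template intends and could be matched against group members as a different entry. Whether such a name can reach this point depends on validation outside the hunk, but escaping here is cheap: `userDn = memberAttributeValuePrefix + Rdn.escapeValue(userName) + memberAttributeValueSuffix;` (`javax.naming.ldap.Rdn`, the same package `LdapName` comes from). Since the value is now computed once per lookup, the `LdapName` could also be built once here and passed down, because `addRoleIfMember` in the second hunk still re-parses the same string for every group. The enclosing method starts and ends outside the hunk.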
