in src/main/java/org/apache/directory/fortress/core/impl/AuditDAO.java [228:314]
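/**
 * Search the audit log for authentication events and return them as {@link AuthZ} records.
 * <p>
 * The filter always restricts on the audit object class and on the {@code cn=Manager} authorization id.
 * It is narrowed by the optional fields of {@code audit}:
 * <ul>
 * <li>{@code userId} - when set, only entries whose reqDN is that user's DN under the user root are matched;
 * otherwise every entry that requested the uid attribute is matched.</li>
 * <li>{@code failedOnly} - when true, only searches that returned zero entries are matched.</li>
 * <li>{@code beginDate} - when set, only entries that ended on or after that time are matched.</li>
 * </ul>
 * The user id is escaped per RFC 4515 before it is placed in the filter, so it is always matched as a
 * literal value. NOTE(review): a caller that relied on passing {@code *} inside userId as a wildcard
 * will now get a literal match - confirm no caller depends on that.
 *
 * @param audit search criteria; {@code userId}, {@code failedOnly} and {@code beginDate} are read.
 * @return the matching audit records, possibly empty, never null.
 * @throws FinderException if the LDAP search fails or the result cursor cannot be read or closed.
 */
List<AuthZ> searchInvalidAuthNs( UserAudit audit ) throws FinderException
{
    List<AuthZ> auditList = new ArrayList<>();
    LdapConnection ld = null;
    String auditRoot = Config.getInstance().getProperty( AUDIT_ROOT );
    String userRoot = Config.getInstance().getProperty( GlobalIds.USER_ROOT );
    try
    {
        // Shape of the filter built below (user-specific form):
        // (&
        //   (objectclass=auditSearch)
        //   (reqDN=uid=foo,ou=People,dc=jts,dc=com)
        //   (reqAuthzID=cn=Manager,dc=jts,dc=com)
        //   (reqEntries=0)
        // )
        String authzIdTerm = REQUAUTHZID + "=" + "cn=Manager,"
            + Config.getInstance().getProperty( GlobalIds.SUFFIX ) + ")";
        StringBuilder filter = new StringBuilder( GlobalIds.FILTER_PREFIX + ACCESS_AUTHZ_CLASS_NM + ")(" );
        String userId = audit.getUserId();
        if ( StringUtils.isNotEmpty( userId ) )
        {
            // userId is caller-supplied. Escape the RFC 4515 special characters so the value is
            // matched literally and cannot change the structure of the search filter.
            // NOTE(review): the value is also embedded in a DN; characters that are special inside
            // a DN (for example ',') are not escaped here - confirm userId is validated upstream.
            StringBuilder safeUserId = new StringBuilder( userId.length() );
            for ( int idx = 0; idx < userId.length(); idx++ )
            {
                char c = userId.charAt( idx );
                switch ( c )
                {
                    case '\\':
                        safeUserId.append( "\\5c" );
                        break;
                    case '*':
                        safeUserId.append( "\\2a" );
                        break;
                    case '(':
                        safeUserId.append( "\\28" );
                        break;
                    case ')':
                        safeUserId.append( "\\29" );
                        break;
                    case '\0':
                        safeUserId.append( "\\00" );
                        break;
                    default:
                        safeUserId.append( c );
                        break;
                }
            }
            filter.append( REQDN ).append( "=" ).append( SchemaConstants.UID_AT ).append( "=" )
                .append( safeUserId ).append( "," ).append( userRoot ).append( ")(" )
                .append( authzIdTerm );
        }
        else
        {
            // No user given: pull back authN attempts for all users.
            filter.append( REQATTR ).append( "=" ).append( SchemaConstants.UID_AT ).append( ")(" )
                .append( authzIdTerm );
        }
        if ( audit.isFailedOnly() )
        {
            // A search that returned zero entries is what this DAO treats as a failed attempt.
            filter.append( "(" ).append( REQENTRIES ).append( "=" ).append( 0 ).append( ")" );
        }
        if ( audit.getBeginDate() != null )
        {
            String szTime = TUtil.encodeGeneralizedTime( audit.getBeginDate() );
            filter.append( "(" ).append( REQEND ).append( ">=" ).append( szTime ).append( ")" );
        }
        filter.append( ")" );
        ld = getLogConnection();
        try ( SearchCursor searchResults = search( ld, auditRoot,
            SearchScope.ONELEVEL, filter.toString(), AUDIT_AUTHZ_ATRS, false,
            Config.getInstance().getInt( GlobalIds.CONFIG_LDAP_MAX_BATCH_SIZE, GlobalIds.BATCH_SIZE ) ) )
        {
            long sequence = 0;
            while ( searchResults.next() )
            {
                AuthZ authZ = getAuthzEntityFromLdapEntry( searchResults.getEntry(), sequence++ );
                // todo: fix this workaround. This search will return failed role assign searches as well.
                // Work around is to remove the ou=People failed searches from user failed searches on authN.
                if ( !AuditUtil.getAuthZId( authZ.getReqDN() ).equalsIgnoreCase( "People" ) )
                {
                    auditList.add( authZ );
                }
            }
        }
        catch ( IOException ioe )
        {
            // The message previously named searchAuthZs, which sent log triage to the wrong method.
            String error = "IOException in AuditDAO.searchInvalidAuthNs id=" + ioe.getMessage();
            throw new FinderException( GlobalErrIds.AUDT_AUTHN_INVALID_FAILED, error, ioe );
        }
        catch ( CursorException ce )
        {
            String error = "CursorException in AuditDAO.searchInvalidAuthNs id=" + ce.getMessage();
            throw new FinderException( GlobalErrIds.AUDT_AUTHN_INVALID_FAILED, error, ce );
        }
    }
    catch ( LdapException e )
    {
        String error = "LdapException in AuditDAO.searchInvalidAuthNs id=" + e;
        throw new FinderException( GlobalErrIds.AUDT_AUTHN_INVALID_FAILED, error, e );
    }
    finally
    {
        // Always hand the log connection back, including on failure paths.
        closeLogConnection( ld );
    }
    return auditList;
}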