boolean isUserMemberOfDynamicGroup()

in gateway-provider-security-shiro/src/main/java/org/apache/knox/gateway/shirorealm/KnoxLdapRealm.java [538:596]


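  /**
   * Decides whether a user belongs to a dynamic group described by a single
   * LDAP member URL of the form
   * {@code ldap://host:port/dn?attributes?scope?filter?extensions}.
   *
   * <p>The user counts as a member only when the user DN lies inside the URL's
   * base DN for the URL's scope and the user's own entry matches the URL's
   * filter. Any URL that is missing, too short, or carries a scope other than
   * {@code one} or {@code sub} yields {@code false}, so a malformed group
   * definition never grants membership.
   *
   * @param userLdapDn DN of the user being checked; {@code null} yields
   *     {@code false}
   * @param memberUrl the group's member URL value; {@code null} yields
   *     {@code false}
   * @param ldapContextFactory supplies the system LDAP context used to run
   *     the filter against the user's entry
   * @return {@code true} if the user's entry is within the URL's base and
   *     scope and matches its filter, otherwise {@code false}
   * @throws NamingException if the base DN in the URL cannot be parsed or the
   *     directory search fails
   */
  boolean isUserMemberOfDynamicGroup(LdapName userLdapDn, String memberUrl,
      final LdapContextFactory ldapContextFactory) throws NamingException {

    // ldap://host:port/dn?attributes?scope?filter?extensions

    if (memberUrl == null || userLdapDn == null) {
      return false;
    }
    // NOTE(review): the URL parts are used exactly as stored; percent-encoded
    // characters in the DN or filter are not decoded here. Confirm that the
    // directory stores member URLs unencoded.
    String[] tokens = memberUrl.split("\\?");
    if (tokens.length < 4) {
      return false;
    }

    String searchBaseString = tokens[0]
        .substring(tokens[0].lastIndexOf('/') + 1);
    String searchScope = tokens[2];
    String searchFilter = tokens[3];

    LdapName searchBaseDn = new LdapName(searchBaseString);

    // Scope test. "base" is rejected as before; any other value that is not
    // "one" or "sub" is now rejected too, instead of being treated as "one".
    final boolean oneLevel = "one".equalsIgnoreCase(searchScope);
    final boolean subtree = "sub".equalsIgnoreCase(searchScope);
    if (!oneLevel && !subtree) {
      return false;
    }

    // Compare the DNs RDN by RDN. LdapName keeps the rightmost RDN at index
    // 0, so startsWith() is the "is under this base" test. The previous
    // string endsWith() comparison depended on the case and spacing of the
    // two DN strings and did not respect RDN boundaries.
    if (!userLdapDn.startsWith(searchBaseDn)) {
      return false;
    }
    // One-level scope covers only the direct children of the base, which are
    // exactly one RDN longer than it. The previous "- 1" could never hold for
    // a DN under the base, so one-level groups never matched.
    if (oneLevel && userLdapDn.size() != searchBaseDn.size() + 1) {
      return false;
    }

    // Containment in the URL's base and scope is settled above; what remains
    // is whether the user's own entry matches the filter:
    // base_dn=userDn, scope=base, filter=filter. Entries below the user entry
    // must not influence the result, hence the object-scope search.
    javax.naming.directory.SearchControls userEntryOnly =
        new javax.naming.directory.SearchControls();
    userEntryOnly.setSearchScope(
        javax.naming.directory.SearchControls.OBJECT_SCOPE);

    LdapContext systemLdapCtx = ldapContextFactory.getSystemLdapContext();
    NamingEnumeration<SearchResult> searchResultEnum = null;
    try {
      searchResultEnum = systemLdapCtx
          .search(userLdapDn, searchFilter, userEntryOnly);
      return searchResultEnum.hasMore();
    }
    finally {
      // Release the enumeration first; the context is closed even if that
      // close fails.
      try {
        if (searchResultEnum != null) {
          searchResultEnum.close();
        }
      }
      finally {
        LdapUtils.closeContext(systemLdapCtx);
      }
    }
  }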