clebertsuconic commented on a change in pull request #2451: ARTEMIS-2192 LegacyLDAPSecuritySettingPlugin uses hard-coded RDN types URL: https://github.com/apache/activemq-artemis/pull/2451#discussion_r248871028
########## File path: artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/LegacyLDAPSecuritySettingPlugin.java ########## @@ -330,25 +330,29 @@ private void processSearchResult(Map<String, Set<Role>> securityRoles, String permissionType = null; String destination = null; String destinationType = "unknown"; - for (Rdn rdn : searchResultLdapName.getRdns()) { - if (rdn.getType().equals("cn")) { - logger.debug("\tPermission type: " + rdn.getValue()); - permissionType = rdn.getValue().toString(); - } - if (rdn.getType().equals("uid")) { - logger.debug("\tDestination name: " + rdn.getValue()); - destination = rdn.getValue().toString(); - } - if (rdn.getType().equals("ou")) { - String rawDestinationType = rdn.getValue().toString(); - if (rawDestinationType.toLowerCase().contains("queue")) { - destinationType = "queue"; - } else if (rawDestinationType.toLowerCase().contains("topic")) { - destinationType = "topic"; - } - logger.debug("\tDestination type: " + destinationType); - } + List<Rdn> rdns = searchResultLdapName.getRdns(); + if (rdns.size() != 3) { + logger.debug("\tSkipping unexpected search result with " + rdns.size() + " RDNs."); + return; } + // we can count on the RNDs being in order from right to left + Rdn rdn = rdns.get(0); + String rawDestinationType = rdn.getValue().toString(); + if (rawDestinationType.toLowerCase().contains("queue")) { + destinationType = "queue"; + } else if (rawDestinationType.toLowerCase().contains("topic")) { + destinationType = "topic"; + } + logger.debug("\tDestination type: " + destinationType); + + rdn = rdns.get(1); + logger.debug("\tDestination name: " + rdn.getValue()); + destination = rdn.getValue().toString(); + + rdn = rdns.get(2); + logger.debug("\tPermission type: " + rdn.getValue()); Review comment: nit pik.. how often is this called? this should be using if (loger.isDebugEnabled()) before the call on logger.debug since it has concatenations in place here. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services