[GitHub] incubator-guacamole-client pull request #68: add additional search filter fu...

[mike-jumper]

Github user mike-jumper commented on a diff in the pull request:

    
https://github.com/apache/incubator-guacamole-client/pull/68#discussion_r77440165
  
    --- Diff: 
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java
 ---
    @@ -205,38 +214,80 @@ private LDAPConnection bindAs(Credentials credentials)
          *     denied.
          */
         public AuthenticatedUser authenticateUser(Credentials credentials)
    -            throws GuacamoleException {
    -
    -        // Attempt bind
    -        LDAPConnection ldapConnection;
    -        try {
    -            ldapConnection = bindAs(credentials);
    -        }
    -        catch (GuacamoleException e) {
    -            logger.error("Cannot bind with LDAP server: {}", 
e.getMessage());
    -            logger.debug("Error binding with LDAP server.", e);
    -            ldapConnection = null;
    -        }
    -
    -        // If bind fails, permission to login is denied
    -        if (ldapConnection == null)
    -            throw new GuacamoleInvalidCredentialsException("Permission 
denied.", CredentialsInfo.USERNAME_PASSWORD);
    -
    -        try {
    -
    -            // Return AuthenticatedUser if bind succeeds
    -            AuthenticatedUser authenticatedUser = 
authenticatedUserProvider.get();
    -            authenticatedUser.init(credentials);
    -            return authenticatedUser;
    -
    -        }
    -
    -        // Always disconnect
    -        finally {
    -            ldapService.disconnect(ldapConnection);
    -        }
    -
    +                   throws GuacamoleException {
    +
    +           // Attempt bind
    +           LDAPConnection ldapConnection;
    +           try {
    +                   ldapConnection = bindAs(credentials);
    +           }
    +           catch (GuacamoleException e) {
    +                   logger.error("Cannot bind with LDAP server: {}", 
e.getMessage());
    +                   logger.debug("Error binding with LDAP server.", e);
    +                   ldapConnection = null;
    +           }
    +
    +           // If bind fails, permission to login is denied
    +           if (ldapConnection == null)
    +                   throw new 
GuacamoleInvalidCredentialsException("Permission denied.", 
CredentialsInfo.USERNAME_PASSWORD);
    +
    +           boolean authenticated=true;
    +           // check if login in user also meet additional search filter.
    +           if(confService.getAdditionalSearchFilter().length()>0)
    --- End diff --
    
    I'd go one further and say that using the empty string for default is bad 
practice. If the property is switched over to use `null` (ie: no default 
provided), then this check becomes much clearer:
    
    `if (confService.getAdditionalSearchFilter() != null)`
    
    There are other issues here beyond just that check, though. Most IDEs would 
be warning you at this point to use `isEmpty()`, not to just manually compare 
the length against zero.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---