Github user mike-jumper commented on a diff in the pull request:

    
https://github.com/apache/incubator-guacamole-client/pull/132#discussion_r108454222
  
    --- Diff: 
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java
 ---
    @@ -85,11 +85,20 @@ private void putAllUsers(Map<String, User> users, 
LDAPConnection ldapConnection,
     
             try {
     
    +            // Build a filter using the configured or default user search 
filter
    +            // to find all user objects in the LDAP tree
    +            StringBuilder userSearchFilter = new StringBuilder();
    +            userSearchFilter.append("(&");
    +            userSearchFilter.append(confService.getUserSearchFilter());
    +            userSearchFilter.append("(" + 
escapingService.escapeLDAPSearchFilter(usernameAttribute) + "=*)");
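
Review bot: confService.getUserSearchFilter() is appended verbatim between "(&" and the "(attr=*)" term, with no check that it is a complete, parenthesised filter. A configured value with missing or unbalanced parentheses would produce a malformed search filter at query time, so consider validating the value when the configuration is read, or at least stating in the comment above these lines that it must be a full filter component. It would also help to note why usernameAttribute, an attribute name rather than an assertion value, is passed through escapeLDAPSearchFilter.
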
    --- End diff --
    
    If using a `StringBuilder` (good), you shouldn't be doing string 
concatenation with `+`. The inline concatenation here will actually result in 
Java creating a temporary `StringBuilder` for the concatenation operation.
    
    You should either do the whole thing with a single line of chained `+`:
    
        "(&" + confService.getUserSearchFilter() + "(" + escapingService.escapeLDAPSearchFilter(usernameAttribute) + "=*))"
    
    or use only the `StringBuilder` you've created:
    
        StringBuilder userSearchFilter = new StringBuilder();
        userSearchFilter.append("(&");
        userSearchFilter.append(confService.getUserSearchFilter());
        userSearchFilter.append("(");
        userSearchFilter.append(escapingService.escapeLDAPSearchFilter(usernameAttribute));
        userSearchFilter.append("=*))");
    
    FYI: In the case of the construction of the other query below 
(`StringBuilder ldapQuery = ...`), the use of a `StringBuilder` is 
absolutely necessary, since parts of the concatenation operation are 
conditional, and using Java's `+` operator would result in unnecessary creation 
of temporary `String` and `StringBuilder` objects for intermediate results.
    
    In this case, you're safe either way, but using both is wasteful.

