[jboss-jira] [JBoss JIRA] (SECURITY-891) rolesSearch is doing a needless LDAP call for each individual role
Tom Fonteyne (JIRA)
issues at jboss.org
Thu May 21 09:24:19 EDT 2015
Tom Fonteyne created SECURITY-891:
-------------------------------------
Summary: rolesSearch is doing a needless LDAP call for each individual role
Key: SECURITY-891
URL: https://issues.jboss.org/browse/SECURITY-891
Project: PicketBox
Issue Type: Bug
Components: JBossSX, Security-SPI
Affects Versions: PicketBox_4_9_2.Final
Reporter: Tom Fonteyne
Assignee: Tom Fonteyne
https://github.com/picketbox/picketbox/blob/master/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java
line 690:
// Query the context for the roleDN values
String[] attrNames = {roleAttributeID};
Attributes result = null;
if (sr.isRelative()) {
result = ldapCtx.getAttributes(quoteDN(dn), attrNames);
The getAttributes method forces another roundtrip to the LDAP server, while the required attribute is in fact already present on the "sr" SearchResult object.
If a user is a member of (lets say) 100 groups, then we can get an extra 100 calls to the LDAP server.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
More information about the jboss-jira
mailing list