I want to check logged in user’s authorization based on ‘groupmembership’ header attribute.
The output of
<logger level="INFO" message="groups are =#[message.inboundProperties['GROUPMEMBERSHIP']]" doc:name="Logger"/> is
[groups are =cn=ZZZ-XXXX-Write-Users,ou= ZZZ-XXXX,ou=1234,ou=Groups,dc=someone,dc=net]
Now a user can have multiple group memberships but all I am interested in checking if user is member of ‘ZZZ-XXXX-Write-Users’?
Is there a way in MEL to check that, something like
<when expression="#[message.inboundProperties.GROUPMEMBERSHIP.cn != ' ZZZ-XXXX-Write-Users ']">
Is this the right approach or am I missing anything here?
The scenario you describe looks more like a flow control stuff. In that case I would say that you use just that MEL expression inside a choice router:
<choice doc:name="Choice">
<when expression="#[!message.inboundProperties.GROUPMEMBERSHIP.cn.equals('ZZZ-XXXX-Write-Users')]">
<!-- DO SOMETHING -->
</when
<otherwise>
<!-- DO SOMETHING ELSE -->
</otherwise>
</choice>
Just a small change the use of equals to compare strings ;).
The other option, as we are talking flow control here, is a filter. A expression filter will just ignore the message if the expression doesn't evaluate to true. The catch with this is, it either pass or not you can not have an alternative route not even a log message saying that a message was filtered.
<expression-filter expression="#[!message.inboundProperties.GROUPMEMBERSHIP.cn.equals('ZZZ-XXXX-Write-Users')]" doc:name="Expression"/>
HTH