public Collection<User> findUsers(Set<String> fields, String query) throws UnsupportedOperationException { if (fields.isEmpty()) { return Collections.emptyList(); } if (!getSearchFields().containsAll(fields)) { throw new IllegalArgumentException("Search fields " + fields + " are not valid."); } if (query == null || "".equals(query)) { return Collections.emptyList(); } // SQL LIKE queries don't map directly into a keyword/wildcard search like we want. // Therefore, we do a best approximiation by replacing '*' with '%' and then // surrounding the whole query with two '%'. This will return more data than desired, // but is better than returning less data than desired. query = "%" + query.replace('*', '%') + "%"; if (query.endsWith("%%")) { query = query.substring(0, query.length() - 1); } List<String> usernames = new ArrayList<String>(50); Connection con = null; Statement stmt = null; ResultSet rs = null; try { con = DbConnectionManager.getConnection(); stmt = con.createStatement(); StringBuilder sql = new StringBuilder(); sql.append("SELECT username FROM jiveUser WHERE"); boolean first = true; if (fields.contains("Username")) { sql.append(" username LIKE '").append(StringUtils.escapeForSQL(query)).append("'"); first = false; } if (fields.contains("Name")) { if (!first) { sql.append(" AND"); } sql.append(" name LIKE '").append(StringUtils.escapeForSQL(query)).append("'"); first = false; } if (fields.contains("Email")) { if (!first) { sql.append(" AND"); } sql.append(" email LIKE '").append(StringUtils.escapeForSQL(query)).append("'"); } rs = stmt.executeQuery(sql.toString()); while (rs.next()) { usernames.add(rs.getString(1)); } } catch (SQLException e) { Log.error(e); } finally { DbConnectionManager.closeConnection(rs, stmt, con); } return new UserCollection(usernames.toArray(new String[usernames.size()])); }