Posted to dev@geronimo.apache.org by "Aaron Mulder (JIRA)" <de...@geronimo.apache.org> on 2005/11/20 07:50:24 UTC

[jira] Created: (GERONIMO-1206) SQLSecurityRealm doesn't work with PostgreSQL

SQLSecurityRealm doesn't work with PostgreSQL
---------------------------------------------

         Key: GERONIMO-1206
         URL: http://issues.apache.org/jira/browse/GERONIMO-1206
     Project: Geronimo
        Type: Bug
  Components: security, databases  
    Versions: 1.0-M5    
    Reporter: Aaron Mulder
 Assigned to: Aaron Mulder 
     Fix For: 1.0


The SQLSecurity realm tries to be clever and dynamically discover the number of prepared statement parameters (?'s) in the queries.  PostgreSQL doesn't support the getParameterMetaData call this relies upon.  Since this was just a convenience anyway, I'm going to remove the dynamicness and require that the user and group SQL statements have exactly 1 ? which stands for the username.  As in:

SELECT user, password FROM users WHERE username=?
SELECT user, role FROM user_roles WHERE username=?

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


[jira] Commented: (GERONIMO-1206) SQLSecurityRealm doesn't work with PostgreSQL

Posted by "Vamsavardhana Reddy (JIRA)" <de...@geronimo.apache.org>.
    [ http://issues.apache.org/jira/browse/GERONIMO-1206?page=comments#action_12358343 ] 

Vamsavardhana Reddy commented on GERONIMO-1206:
-----------------------------------------------

Taking parameter count as 1 might break the backward compatibility offered (at no extra cost) by the earlier code.  Instead of taking the parameter count as 1, maybe the number of occurrences of '?' in the SQL statement can be counted and then the preparedstatement.setObject() can be run in a loop catching any exceptions due to parameter index out of range.



[jira] Updated: (GERONIMO-1206) SQLSecurityRealm doesn't work with PostgreSQL

Posted by "Vamsavardhana Reddy (JIRA)" <de...@geronimo.apache.org>.
     [ http://issues.apache.org/jira/browse/GERONIMO-1206?page=all ]

Vamsavardhana Reddy updated GERONIMO-1206:
------------------------------------------

    Attachment: GERONIMO-1206.patch

GERONIMO-1206.patch: As per the above comment.

Aaron, can you please check if this patch works with PostgreSQL?   -Thanks



[jira] Reopened: (GERONIMO-1206) SQLSecurityRealm doesn't work with PostgreSQL

Posted by "Vamsavardhana Reddy (JIRA)" <de...@geronimo.apache.org>.
     [ http://issues.apache.org/jira/browse/GERONIMO-1206?page=all ]
     
Vamsavardhana Reddy reopened GERONIMO-1206:
-------------------------------------------




[jira] Resolved: (GERONIMO-1206) SQLSecurityRealm doesn't work with PostgreSQL

Posted by "Aaron Mulder (JIRA)" <de...@geronimo.apache.org>.
     [ http://issues.apache.org/jira/browse/GERONIMO-1206?page=all ]
     
Aaron Mulder resolved GERONIMO-1206:
------------------------------------

    Resolution: Fixed

The patch is not valid.  If we call getParameterMetaData.getCount, MySQL JDBC 3.0.17 throws a connect error, and even if we squash any exception, our connection error listener (probably quite reasonably) then dumps errors and tosses the connection out of the pool, etc.

Sorry, but I will not consider any more patches that include a call to getParameterMetaData.  Hopefully, given time, the vendors will catch up on this.



[jira] Resolved: (GERONIMO-1206) SQLSecurityRealm doesn't work with PostgreSQL

Posted by "Aaron Mulder (JIRA)" <de...@geronimo.apache.org>.
     [ http://issues.apache.org/jira/browse/GERONIMO-1206?page=all ]
     
Aaron Mulder resolved GERONIMO-1206:
------------------------------------

    Resolution: Fixed

Revision 345728



[jira] Commented: (GERONIMO-1206) SQLSecurityRealm doesn't work with PostgreSQL

Posted by "Vamsavardhana Reddy (JIRA)" <de...@geronimo.apache.org>.
    [ http://issues.apache.org/jira/browse/GERONIMO-1206?page=comments#action_12358115 ] 

Vamsavardhana Reddy commented on GERONIMO-1206:
-----------------------------------------------

What happens when an SQL like the following is used? 

(SELECT user, password FROM users WHERE username=?) UNION (SELECT usrnam, pwd FROM moreusers WHERE usrnam=?)

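The counting approach raised in this thread, as an added example that is not the attached patch or Geronimo's code: it counts the `?` markers by scanning the SQL text instead of calling getParameterMetaData, then binds the username to each one, which also covers the two-marker UNION query. The class and method names are hypothetical, and the scanner assumes only standard single- and double-quote quoting (no SQL comments or vendor-specific quoting or operators).

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

/** Added example (not Geronimo code): bind the username without ParameterMetaData. */
public final class PlaceholderBinder {

    /** Counts '?' markers that lie outside '...' literals and "..." identifiers. */
    static int countPlaceholders(String sql) {
        int count = 0;
        char quote = 0; // 0 means we are not inside a quoted region
        for (int i = 0; i < sql.length(); i++) {
            char c = sql.charAt(i);
            if (quote != 0) {
                if (c == quote) quote = 0; // a doubled quote ('') closes, then reopens
            } else if (c == '\'' || c == '"') {
                quote = c;
            } else if (c == '?') {
                count++;
            }
        }
        if (quote != 0) throw new IllegalArgumentException("unterminated quote in SQL");
        return count;
    }

    /** Prepares the configured query and sets every marker to the username. */
    static PreparedStatement prepare(Connection conn, String sql, String username)
            throws SQLException {
        int n = countPlaceholders(sql);
        if (n == 0) throw new IllegalArgumentException("query has no ? for the username");
        PreparedStatement ps = conn.prepareStatement(sql);
        for (int i = 1; i <= n; i++) {
            ps.setString(i, username); // JDBC parameter indexes start at 1
        }
        return ps;
    }

    public static void main(String[] args) {
        // Constructed sample queries, modelled on the ones quoted in the thread.
        String[] samples = {
            "SELECT user, password FROM users WHERE username=?",
            "(SELECT user, password FROM users WHERE username=?) UNION "
                + "(SELECT usrnam, pwd FROM moreusers WHERE usrnam=?)",
            "SELECT user, role FROM user_roles WHERE username=? AND note<>'why?'"
        };
        for (String sql : samples) {
            System.out.println(countPlaceholders(sql) + "  " + sql);
        }
    }
}
```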