Posted to dev@geronimo.apache.org by "Vamsavardhana Reddy (JIRA)" <de...@geronimo.apache.org> on 2005/11/21 06:43:25 UTC

[jira] Commented: (GERONIMO-1206) SQLSecurityRealm doesn't work with PostgreSQL

    [ http://issues.apache.org/jira/browse/GERONIMO-1206?page=comments#action_12358115 ] 

Vamsavardhana Reddy commented on GERONIMO-1206:
-----------------------------------------------

What happens when an SQL like the following is used? 

(SELECT user, password FROM users WHERE username=?) UNION (SELECT usrnam, pwd FROM moreusers WHERE usrnam=?)

> SQLSecurityRealm doesn't work with PostgreSQL
> ---------------------------------------------
>
>          Key: GERONIMO-1206
>          URL: http://issues.apache.org/jira/browse/GERONIMO-1206
>      Project: Geronimo
>         Type: Bug
>   Components: security, databases
>     Versions: 1.0-M5
>     Reporter: Aaron Mulder
>     Assignee: Aaron Mulder
>      Fix For: 1.0

>
> The SQLSecurity realm tries to be clever and dynamically discover the number of prepared statement parameters (?'s) in the queries.  PostgreSQL doesn't support the getParameterMetaData call this relies upon.  Since this was just a convenience anyway, I'm going to remove the dynamicness and require that the user and group SQL statements have exactly 1 ? which stands for the username.  As in:
> SELECT user, password FROM users WHERE username=?
> SELECT user, role FROM user_roles WHERE username=?

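Added example, not part of the original thread and not Geronimo's code: one way to serve both the single-placeholder queries and the UNION query from the comment without calling getParameterMetaData is to count the ? markers in the SQL text and bind the username to each of them. The class and method names are hypothetical; PostgreSQL dollar-quoted strings, nested block comments and operators that contain ? are not handled.

```java
import java.sql.PreparedStatement;
import java.sql.SQLException;

// Hypothetical helper, not Geronimo code.
public class PlaceholderBinder {
    // Counts ? markers outside '...' literals, "..." identifiers and comments.
    static int countPlaceholders(String sql) {
        int count = 0, n = sql.length();
        for (int i = 0; i < n; i++) {
            char c = sql.charAt(i);
            if (c == '\'' || c == '"') {
                // Jump to the closing quote; a doubled quote reopens at once.
                i = sql.indexOf(c, i + 1);
                if (i < 0) throw new IllegalArgumentException("unterminated quote");
            } else if (c == '-' && sql.startsWith("--", i)) {
                i = sql.indexOf('\n', i);
                if (i < 0) break; // line comment runs to end of input
            } else if (c == '/' && sql.startsWith("/*", i)) {
                i = sql.indexOf("*/", i + 2);
                if (i < 0) throw new IllegalArgumentException("unterminated comment");
                i++; // step onto '/', the loop increment moves past it
            } else if (c == '?') {
                count++;
            }
        }
        return count;
    }

    // Binds the same username to every placeholder, so a UNION over two
    // user tables works without driver-side parameter metadata.
    static void bindUsername(PreparedStatement ps, String sql, String username)
            throws SQLException {
        int n = countPlaceholders(sql);
        if (n == 0) throw new SQLException("query has no ? placeholder for the username");
        for (int i = 1; i <= n; i++) ps.setString(i, username);
    }

    public static void main(String[] args) {
        // The first two queries are from the thread; the third is constructed
        // to show that a ? inside a string literal is not counted.
        String single = "SELECT user, password FROM users WHERE username=?";
        String union = "(SELECT user, password FROM users WHERE username=?) UNION "
                + "(SELECT usrnam, pwd FROM moreusers WHERE usrnam=?)";
        String literal = "SELECT user, password FROM users WHERE note='why?' AND username=?";
        System.out.println(countPlaceholders(single));
        System.out.println(countPlaceholders(union));
        System.out.println(countPlaceholders(literal));
    }
}
```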