You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by dj...@apache.org on 2007/10/29 23:30:19 UTC
svn commit: r589894 - in /db/derby/code/trunk/java:
engine/org/apache/derby/catalog/SystemProcedures.java
engine/org/apache/derby/iapi/util/IdUtil.java
testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java
Author: djd
Date: Mon Oct 29 15:30:19 2007
New Revision: 589894
URL: http://svn.apache.org/viewvc?rev=589894&view=rev
Log:
DERBY-3158 DERBY-3159 Ensure that SYSCS_SET_USER_ACCESS: 1) always sets the user name in the lists in its delimited form. 2) Allows repeated calls to set the permission for the same user by always clearing both lists of that user name before adding. 3) Allows user names with characters that require quoting in SQL by not validating the name as a SQL identifier since the passed in user name is a normalized user name.
Modified:
db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java
db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/IdUtil.java
db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java
Modified: db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java?rev=589894&r1=589893&r2=589894&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/catalog/SystemProcedures.java Mon Oct 29 15:30:19 2007
@@ -1555,48 +1555,52 @@
/**
* Set the connection level authorization for
* a specific user - SYSCS_UTIL.SYSCS_SET_USER_ACCESS.
+ *
+ * @param userName name of the user in its normal form (not a SQL identifier).
+ * @param connectionPermission
* @throws SQLException Error setting the permission
*/
public static void SYSCS_SET_USER_ACCESS(String userName,
String connectionPermission)
throws SQLException
{
- try {
- // Validate the name, however the name stored in
- // the properties is in the external format, as a
- // quoted identifier if required. The external form
- // is what the user passes into this method so that
- // gets used in modifying the lists.
- IdUtil.getUserAuthorizationId(userName);
+ try {
+
+ if (userName == null)
+ throw StandardException.newException(SQLState.AUTH_INVALID_USER_NAME,
+ userName);
String addListProperty;
if (Property.FULL_ACCESS.equals(connectionPermission))
{
- removeFromAccessList(Property.READ_ONLY_ACCESS_USERS_PROPERTY,
- userName);
addListProperty = Property.FULL_ACCESS_USERS_PROPERTY;
}
else if (Property.READ_ONLY_ACCESS.equals(connectionPermission))
- {
- removeFromAccessList(Property.FULL_ACCESS_USERS_PROPERTY,
- userName);
+ {
addListProperty = Property.READ_ONLY_ACCESS_USERS_PROPERTY;
}
else if (connectionPermission == null)
{
- removeFromAccessList(Property.FULL_ACCESS_USERS_PROPERTY,
- userName);
- removeFromAccessList(Property.READ_ONLY_ACCESS_USERS_PROPERTY,
- userName);
- return;
+ // Remove from the lists but don't add back into any.
+ addListProperty = null;
}
else
throw StandardException.newException(SQLState.UU_UNKNOWN_PERMISSION,
connectionPermission);
+
+ // Always remove from both lists to avoid any repeated
+ // user on list errors.
+ removeFromAccessList(Property.FULL_ACCESS_USERS_PROPERTY,
+ userName);
+ removeFromAccessList(Property.READ_ONLY_ACCESS_USERS_PROPERTY,
+ userName);
- String addList = SYSCS_GET_DATABASE_PROPERTY(addListProperty);
- SYSCS_SET_DATABASE_PROPERTY(addListProperty,
- IdUtil.appendId(userName, addList));
+
+ if (addListProperty != null) {
+ String addList = SYSCS_GET_DATABASE_PROPERTY(addListProperty);
+ SYSCS_SET_DATABASE_PROPERTY(addListProperty,
+ IdUtil.appendNormalToList(userName, addList));
+ }
} catch (StandardException se) {
throw PublicAPI.wrapStandardException(se);
Modified: db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/IdUtil.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/IdUtil.java?rev=589894&r1=589893&r2=589894&view=diff
==============================================================================
--- db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/IdUtil.java (original)
+++ db/derby/code/trunk/java/engine/org/apache/derby/iapi/util/IdUtil.java Mon Oct 29 15:30:19 2007
@@ -58,17 +58,16 @@
public abstract class IdUtil
{
/**
- Delimit the identifier provided.
+ * Produce a delimited form of a normal value.
@return the delimited identifier.
*/
- private static String delimitId(String id)
+ public static String normalToDelimited(String id)
{
StringBuffer quotedBuffer = new StringBuffer();
quotedBuffer.append('\"');
- char[] charArray = id.toCharArray();
-
- for (int ix = 0; ix < charArray.length; ix++){
- char currentChar = charArray[ix];
+
+ for (int ix = 0; ix < id.length(); ix++){
+ char currentChar = id.charAt(ix);
quotedBuffer.append(currentChar);
if (currentChar == '\"')
quotedBuffer.append('\"');
@@ -87,11 +86,11 @@
String id2)
{
if( null == id1)
- return delimitId(id2);
+ return normalToDelimited(id2);
return
- delimitId(id1) +
+ normalToDelimited(id1) +
"." +
- delimitId(id2);
+ normalToDelimited(id2);
}
/**
@@ -103,7 +102,7 @@
for (int ix=0; ix < ids.length; ix++)
{
if (ix!=0) sb.append(".");
- sb.append(delimitId(ids[ix]));
+ sb.append(normalToDelimited(ids[ix]));
}
return sb.toString();
}
@@ -303,7 +302,7 @@
if (normalize)
return b.toString();
else
- return delimitId(b.toString()); //Put the quotes back.
+ return normalToDelimited(b.toString()); //Put the quotes back.
}
private static void verifyEmpty(java.io.Reader r)
@@ -581,7 +580,7 @@
for (int ix=0;ix<ids.length; ix++)
{
if (ix != 0) sb.append(",");
- sb.append(IdUtil.delimitId(ids[ix]));
+ sb.append(IdUtil.normalToDelimited(ids[ix]));
}
return sb.toString();
}
@@ -672,16 +671,21 @@
/**
- Append an id in external form.
- @return the list with the id appended.
+ * Append an identifier to a comma separated list
+ * of identifiers. The passed in identifier is its
+ * normal form, the list contains a list of SQL identifiers,
+ * either regular or delimited. This routine takes the easy
+ * way out and always appends a delimited identifier.
+ @return the list with the id appended in its delimited form.
@exception StandardException oops
*/
- public static String appendId(String id, String list)
+ public static String appendNormalToList(String id, String list)
throws StandardException
{
+ String delimitedId = normalToDelimited(id);
if (list==null)
- return id;
+ return delimitedId;
else
- return list+","+id;
+ return list+","+delimitedId;
}
}
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java?rev=589894&r1=589893&r2=589894&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/AuthenticationTest.java Mon Oct 29 15:30:19 2007
@@ -240,13 +240,21 @@
*/
private void userCasingTest(String jdbcUserName, String normalUserName,
Connection connUser) throws SQLException
- {
+ {
assertNormalUserName(normalUserName, connUser);
// DatabaseMetaData.getUserName() returns the user name used
// to make the request via JDBC.
assertEquals("DatabaseMetaData.getUserName()",
- jdbcUserName, connUser.getMetaData().getUserName());
+ jdbcUserName, connUser.getMetaData().getUserName());
+
+
+ Statement s = connUser.createStatement();
+
+ s.executeUpdate("CALL SYSCS_UTIL.SYSCS_SET_USER_ACCESS(" +
+ "CURRENT_USER, 'FULLACCESS')");
+
+ s.close();
JDBC.cleanup(connUser);
}
@@ -817,9 +825,6 @@
csSetAccess.setString(2, "FULLACCESS");
assertStatementError("28502", csSetAccess);
- csSetAccess.setString(1, "123"); // not an identifier.
- csSetAccess.setString(2, "FULLACCESS");
- assertStatementError("28502", csSetAccess);
// Random user will now have only READONLYACCESS
setDatabaseProperty(